Vulnerability-Lookup

WID-SEC-W-2024-3189

Vulnerability from csaf_certbund - Published: 2024-10-15 22:00 - Updated: 2025-06-22 22:00

Summary

Oracle Java SE: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2023-42950

Affected products

Known affected 94 products

Product	Identifier	Version
IBM Business Automation Workflow 23.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.1`	23.0.1
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition: 20.3.15
IBM Sterling Connect:Direct <6.2.0.26 IBM / Sterling Connect:Direct		<6.2.0.26
Oracle Java SE Oracle Java SE 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_17.0.12`	Oracle Java SE 17.0.12
IBM Storwize V5000 IBM / Storwize	`cpe:/a:ibm:storwize:v5000`	V5000
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM Storwize V5100 IBM / Storwize	`cpe:/a:ibm:storwize:v5100`	V5100
Oracle Java SE Oracle Java SE 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_23`	Oracle Java SE 23
IBM App Connect Enterprise <12.0.12.9 IBM / App Connect Enterprise		<12.0.12.9
Oracle Java SE Oracle Java SE 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_21.0.4`	Oracle Java SE 21.0.4
IBM App Connect Enterprise <13.0.2.0 IBM / App Connect Enterprise		<13.0.2.0
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM WebSphere Application Server 8.5 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:8.5`	8.5
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
Oracle Java SE Oracle Java SE 8u421 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_8u421`	Oracle Java SE 8u421
IBM Spectrum Protect IBM	`cpe:/a:ibm:spectrum_protect:-`	—
IBM WebSphere Application Server 9.0 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:9.0`	9
Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition 20.3.15
Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11`	Oracle GraalVM Enterprise Edition 21.3.11
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
Oracle Java SE Oracle Java SE 11.0.24 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_11.0.24`	Oracle Java SE 11.0.24
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
IBM SAN Volume Controller IBM	`cpe:/a:ibm:san_volume_controller:-`	—
IBM Storwize V7000 IBM / Storwize	`cpe:/a:ibm:storwize:v7000`	V7000
Oracle Java SE Oracle GraalVM for JDK 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23`	Oracle GraalVM for JDK 23
IBM MQ 9.3 IBM / MQ	`cpe:/a:ibm:mq:9.3`	9.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Java IBM	`cpe:/a:ibm:jre:-`	—
IBM Sterling Connect:Direct 6.3 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3`	6.3
IBM Sterling Connect:Direct 6.2 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2`	6.2
IBM Sterling Connect:Direct 6.1 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1`	6.1
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
IBM Business Automation Workflow 23.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.2`	23.0.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Dell NetWorker Runtime Environment <8.0.23 Dell / NetWorker		Runtime Environment <8.0.23
IBM Sterling Connect:Direct for Unix <6.3.0.4.iFix004 IBM / Sterling Connect:Direct		for Unix <6.3.0.4.iFix004
IBM Sterling Connect:Direct for Unix <6.1.0.4.iFix121 IBM / Sterling Connect:Direct		for Unix <6.1.0.4.iFix121
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Business Automation Workflow 22.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:22.0.2`	22.0.2
IBM Sterling Connect:Direct 6.4.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.4.0`	6.4.0
IBM Sterling Connect:Direct 6.3.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3.0`	6.3.0
IBM WebSphere Service Registry and Repository 8.5 IBM / WebSphere Service Registry and Repository	`cpe:/a:ibm:websphere_service_registry_and_repository:8.5`	8.5
IBM Sterling Connect:Direct for Unix <6.4.0.1.iFix005 IBM / Sterling Connect:Direct		for Unix <6.4.0.1.iFix005
IBM WebSphere Application Server liberty IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:liberty`	liberty
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale System <6.2.2.1 IBM / Storage Scale System		<6.2.2.1
IBM Storage Scale System <6.1.9.6 IBM / Storage Scale System		<6.1.9.6
IBM MQ 9.4 IBM / MQ	`cpe:/a:ibm:mq:9.4`	9.4
IBM QRadar SIEM <7.5.0 UP10 IF01 IBM / QRadar SIEM		<7.5.0 UP10 IF01
IBM FlashSystem 9100 Family IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9100_family`	9100 Family
IBM FlashSystem 9200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9200`	9200
IBM MQ Container 9.4.2.0-r1 IBM / MQ	`cpe:/a:ibm:mq:container_9.4.2.0-r1`	Container 9.4.2.0-r1
IBM FlashSystem V9000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:v9000`	V9000
IBM MQ Operator v3.2.9 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.2.9`	Operator v3.2.9
IBM FlashSystem 9500 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9500`	9500
IBM MQ Operator v3.5.0 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.5.0`	Operator v3.5.0
IBM Storwize V5000E IBM / Storwize	`cpe:/a:ibm:storwize:v5000e`	V5000E
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM SPSS SPSS Collaboration and Deployment Services 8.5 IBM / SPSS	`cpe:/a:ibm:spss:spss_collaboration_and_deployment_services_8.5`	SPSS Collaboration and Deployment Services 8.5
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
IBM Sterling Connect:Direct <6.1.0.27 IBM / Sterling Connect:Direct		<6.1.0.27
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
IBM TXSeries for multiplatforms IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms`	for multiplatforms
Oracle Java SE Oracle GraalVM for JDK 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12`	Oracle GraalVM for JDK 17.0.12
Oracle Java SE Oracle GraalVM for JDK 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4`	Oracle GraalVM for JDK 21.0.4
IBM Business Automation Workflow <24.0.1-IF002 IBM / Business Automation Workflow		<24.0.1-IF002
IBM Business Automation Workflow <24.0.0-IF005 IBM / Business Automation Workflow		<24.0.0-IF005
IBM MQ 9.1 IBM / MQ	`cpe:/a:ibm:mq:9.1`	9.1
IBM MQ 9.2 IBM / MQ	`cpe:/a:ibm:mq:9.2`	9.2
IBM FlashSystem 7300 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7300`	7300
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
IBM QRadar SIEM <7.5.0 UP11 IF01 IBM / QRadar SIEM		<7.5.0 UP11 IF01
IBM Sterling Connect:Direct for Unix 6.2.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2.0::unix`	for Unix 6.2.0
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM FlashSystem 5000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5000`	5000
IBM Sterling Connect:Direct for Unix 6.1.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1.0::unix`	for Unix 6.1.0
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
IBM FlashSystem 7200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7200`	7200
IBM Storage Scale <5.2.2.1 IBM / Storage Scale		<5.2.2.1
IBM FlashSystem 5200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5200`	5200
Amazon Corretto <8.442.06.1 Amazon / Corretto		<8.442.06.1
IBM Storage Scale <5.1.9.8 IBM / Storage Scale		<5.1.9.8
Amazon Corretto <11.0.26.4.1 Amazon / Corretto		<11.0.26.4.1
HCL Commerce <9.1.18 HCL / Commerce		<9.1.18

CVE-2024-21208

Affected products

Known affected 94 products

Product	Identifier	Version
IBM Business Automation Workflow 23.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.1`	23.0.1
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition: 20.3.15
IBM Sterling Connect:Direct <6.2.0.26 IBM / Sterling Connect:Direct		<6.2.0.26
Oracle Java SE Oracle Java SE 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_17.0.12`	Oracle Java SE 17.0.12
IBM Storwize V5000 IBM / Storwize	`cpe:/a:ibm:storwize:v5000`	V5000
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM Storwize V5100 IBM / Storwize	`cpe:/a:ibm:storwize:v5100`	V5100
Oracle Java SE Oracle Java SE 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_23`	Oracle Java SE 23
IBM App Connect Enterprise <12.0.12.9 IBM / App Connect Enterprise		<12.0.12.9
Oracle Java SE Oracle Java SE 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_21.0.4`	Oracle Java SE 21.0.4
IBM App Connect Enterprise <13.0.2.0 IBM / App Connect Enterprise		<13.0.2.0
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM WebSphere Application Server 8.5 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:8.5`	8.5
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
Oracle Java SE Oracle Java SE 8u421 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_8u421`	Oracle Java SE 8u421
IBM Spectrum Protect IBM	`cpe:/a:ibm:spectrum_protect:-`	—
IBM WebSphere Application Server 9.0 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:9.0`	9
Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition 20.3.15
Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11`	Oracle GraalVM Enterprise Edition 21.3.11
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
Oracle Java SE Oracle Java SE 11.0.24 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_11.0.24`	Oracle Java SE 11.0.24
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
IBM SAN Volume Controller IBM	`cpe:/a:ibm:san_volume_controller:-`	—
IBM Storwize V7000 IBM / Storwize	`cpe:/a:ibm:storwize:v7000`	V7000
Oracle Java SE Oracle GraalVM for JDK 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23`	Oracle GraalVM for JDK 23
IBM MQ 9.3 IBM / MQ	`cpe:/a:ibm:mq:9.3`	9.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Java IBM	`cpe:/a:ibm:jre:-`	—
IBM Sterling Connect:Direct 6.3 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3`	6.3
IBM Sterling Connect:Direct 6.2 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2`	6.2
IBM Sterling Connect:Direct 6.1 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1`	6.1
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
IBM Business Automation Workflow 23.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.2`	23.0.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Dell NetWorker Runtime Environment <8.0.23 Dell / NetWorker		Runtime Environment <8.0.23
IBM Sterling Connect:Direct for Unix <6.3.0.4.iFix004 IBM / Sterling Connect:Direct		for Unix <6.3.0.4.iFix004
IBM Sterling Connect:Direct for Unix <6.1.0.4.iFix121 IBM / Sterling Connect:Direct		for Unix <6.1.0.4.iFix121
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Business Automation Workflow 22.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:22.0.2`	22.0.2
IBM Sterling Connect:Direct 6.4.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.4.0`	6.4.0
IBM Sterling Connect:Direct 6.3.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3.0`	6.3.0
IBM WebSphere Service Registry and Repository 8.5 IBM / WebSphere Service Registry and Repository	`cpe:/a:ibm:websphere_service_registry_and_repository:8.5`	8.5
IBM Sterling Connect:Direct for Unix <6.4.0.1.iFix005 IBM / Sterling Connect:Direct		for Unix <6.4.0.1.iFix005
IBM WebSphere Application Server liberty IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:liberty`	liberty
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale System <6.2.2.1 IBM / Storage Scale System		<6.2.2.1
IBM Storage Scale System <6.1.9.6 IBM / Storage Scale System		<6.1.9.6
IBM MQ 9.4 IBM / MQ	`cpe:/a:ibm:mq:9.4`	9.4
IBM QRadar SIEM <7.5.0 UP10 IF01 IBM / QRadar SIEM		<7.5.0 UP10 IF01
IBM FlashSystem 9100 Family IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9100_family`	9100 Family
IBM FlashSystem 9200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9200`	9200
IBM MQ Container 9.4.2.0-r1 IBM / MQ	`cpe:/a:ibm:mq:container_9.4.2.0-r1`	Container 9.4.2.0-r1
IBM FlashSystem V9000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:v9000`	V9000
IBM MQ Operator v3.2.9 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.2.9`	Operator v3.2.9
IBM FlashSystem 9500 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9500`	9500
IBM MQ Operator v3.5.0 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.5.0`	Operator v3.5.0
IBM Storwize V5000E IBM / Storwize	`cpe:/a:ibm:storwize:v5000e`	V5000E
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM SPSS SPSS Collaboration and Deployment Services 8.5 IBM / SPSS	`cpe:/a:ibm:spss:spss_collaboration_and_deployment_services_8.5`	SPSS Collaboration and Deployment Services 8.5
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
IBM Sterling Connect:Direct <6.1.0.27 IBM / Sterling Connect:Direct		<6.1.0.27
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
IBM TXSeries for multiplatforms IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms`	for multiplatforms
Oracle Java SE Oracle GraalVM for JDK 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12`	Oracle GraalVM for JDK 17.0.12
Oracle Java SE Oracle GraalVM for JDK 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4`	Oracle GraalVM for JDK 21.0.4
IBM Business Automation Workflow <24.0.1-IF002 IBM / Business Automation Workflow		<24.0.1-IF002
IBM Business Automation Workflow <24.0.0-IF005 IBM / Business Automation Workflow		<24.0.0-IF005
IBM MQ 9.1 IBM / MQ	`cpe:/a:ibm:mq:9.1`	9.1
IBM MQ 9.2 IBM / MQ	`cpe:/a:ibm:mq:9.2`	9.2
IBM FlashSystem 7300 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7300`	7300
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
IBM QRadar SIEM <7.5.0 UP11 IF01 IBM / QRadar SIEM		<7.5.0 UP11 IF01
IBM Sterling Connect:Direct for Unix 6.2.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2.0::unix`	for Unix 6.2.0
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM FlashSystem 5000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5000`	5000
IBM Sterling Connect:Direct for Unix 6.1.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1.0::unix`	for Unix 6.1.0
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
IBM FlashSystem 7200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7200`	7200
IBM Storage Scale <5.2.2.1 IBM / Storage Scale		<5.2.2.1
IBM FlashSystem 5200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5200`	5200
Amazon Corretto <8.442.06.1 Amazon / Corretto		<8.442.06.1
IBM Storage Scale <5.1.9.8 IBM / Storage Scale		<5.1.9.8
Amazon Corretto <11.0.26.4.1 Amazon / Corretto		<11.0.26.4.1
HCL Commerce <9.1.18 HCL / Commerce		<9.1.18

CVE-2024-21210

Affected products

Known affected 94 products

Product	Identifier	Version
IBM Business Automation Workflow 23.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.1`	23.0.1
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition: 20.3.15
IBM Sterling Connect:Direct <6.2.0.26 IBM / Sterling Connect:Direct		<6.2.0.26
Oracle Java SE Oracle Java SE 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_17.0.12`	Oracle Java SE 17.0.12
IBM Storwize V5000 IBM / Storwize	`cpe:/a:ibm:storwize:v5000`	V5000
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM Storwize V5100 IBM / Storwize	`cpe:/a:ibm:storwize:v5100`	V5100
Oracle Java SE Oracle Java SE 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_23`	Oracle Java SE 23
IBM App Connect Enterprise <12.0.12.9 IBM / App Connect Enterprise		<12.0.12.9
Oracle Java SE Oracle Java SE 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_21.0.4`	Oracle Java SE 21.0.4
IBM App Connect Enterprise <13.0.2.0 IBM / App Connect Enterprise		<13.0.2.0
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM WebSphere Application Server 8.5 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:8.5`	8.5
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
Oracle Java SE Oracle Java SE 8u421 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_8u421`	Oracle Java SE 8u421
IBM Spectrum Protect IBM	`cpe:/a:ibm:spectrum_protect:-`	—
IBM WebSphere Application Server 9.0 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:9.0`	9
Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition 20.3.15
Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11`	Oracle GraalVM Enterprise Edition 21.3.11
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
Oracle Java SE Oracle Java SE 11.0.24 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_11.0.24`	Oracle Java SE 11.0.24
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
IBM SAN Volume Controller IBM	`cpe:/a:ibm:san_volume_controller:-`	—
IBM Storwize V7000 IBM / Storwize	`cpe:/a:ibm:storwize:v7000`	V7000
Oracle Java SE Oracle GraalVM for JDK 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23`	Oracle GraalVM for JDK 23
IBM MQ 9.3 IBM / MQ	`cpe:/a:ibm:mq:9.3`	9.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Java IBM	`cpe:/a:ibm:jre:-`	—
IBM Sterling Connect:Direct 6.3 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3`	6.3
IBM Sterling Connect:Direct 6.2 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2`	6.2
IBM Sterling Connect:Direct 6.1 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1`	6.1
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
IBM Business Automation Workflow 23.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.2`	23.0.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Dell NetWorker Runtime Environment <8.0.23 Dell / NetWorker		Runtime Environment <8.0.23
IBM Sterling Connect:Direct for Unix <6.3.0.4.iFix004 IBM / Sterling Connect:Direct		for Unix <6.3.0.4.iFix004
IBM Sterling Connect:Direct for Unix <6.1.0.4.iFix121 IBM / Sterling Connect:Direct		for Unix <6.1.0.4.iFix121
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Business Automation Workflow 22.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:22.0.2`	22.0.2
IBM Sterling Connect:Direct 6.4.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.4.0`	6.4.0
IBM Sterling Connect:Direct 6.3.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3.0`	6.3.0
IBM WebSphere Service Registry and Repository 8.5 IBM / WebSphere Service Registry and Repository	`cpe:/a:ibm:websphere_service_registry_and_repository:8.5`	8.5
IBM Sterling Connect:Direct for Unix <6.4.0.1.iFix005 IBM / Sterling Connect:Direct		for Unix <6.4.0.1.iFix005
IBM WebSphere Application Server liberty IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:liberty`	liberty
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale System <6.2.2.1 IBM / Storage Scale System		<6.2.2.1
IBM Storage Scale System <6.1.9.6 IBM / Storage Scale System		<6.1.9.6
IBM MQ 9.4 IBM / MQ	`cpe:/a:ibm:mq:9.4`	9.4
IBM QRadar SIEM <7.5.0 UP10 IF01 IBM / QRadar SIEM		<7.5.0 UP10 IF01
IBM FlashSystem 9100 Family IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9100_family`	9100 Family
IBM FlashSystem 9200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9200`	9200
IBM MQ Container 9.4.2.0-r1 IBM / MQ	`cpe:/a:ibm:mq:container_9.4.2.0-r1`	Container 9.4.2.0-r1
IBM FlashSystem V9000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:v9000`	V9000
IBM MQ Operator v3.2.9 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.2.9`	Operator v3.2.9
IBM FlashSystem 9500 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9500`	9500
IBM MQ Operator v3.5.0 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.5.0`	Operator v3.5.0
IBM Storwize V5000E IBM / Storwize	`cpe:/a:ibm:storwize:v5000e`	V5000E
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM SPSS SPSS Collaboration and Deployment Services 8.5 IBM / SPSS	`cpe:/a:ibm:spss:spss_collaboration_and_deployment_services_8.5`	SPSS Collaboration and Deployment Services 8.5
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
IBM Sterling Connect:Direct <6.1.0.27 IBM / Sterling Connect:Direct		<6.1.0.27
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
IBM TXSeries for multiplatforms IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms`	for multiplatforms
Oracle Java SE Oracle GraalVM for JDK 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12`	Oracle GraalVM for JDK 17.0.12
Oracle Java SE Oracle GraalVM for JDK 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4`	Oracle GraalVM for JDK 21.0.4
IBM Business Automation Workflow <24.0.1-IF002 IBM / Business Automation Workflow		<24.0.1-IF002
IBM Business Automation Workflow <24.0.0-IF005 IBM / Business Automation Workflow		<24.0.0-IF005
IBM MQ 9.1 IBM / MQ	`cpe:/a:ibm:mq:9.1`	9.1
IBM MQ 9.2 IBM / MQ	`cpe:/a:ibm:mq:9.2`	9.2
IBM FlashSystem 7300 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7300`	7300
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
IBM QRadar SIEM <7.5.0 UP11 IF01 IBM / QRadar SIEM		<7.5.0 UP11 IF01
IBM Sterling Connect:Direct for Unix 6.2.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2.0::unix`	for Unix 6.2.0
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM FlashSystem 5000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5000`	5000
IBM Sterling Connect:Direct for Unix 6.1.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1.0::unix`	for Unix 6.1.0
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
IBM FlashSystem 7200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7200`	7200
IBM Storage Scale <5.2.2.1 IBM / Storage Scale		<5.2.2.1
IBM FlashSystem 5200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5200`	5200
Amazon Corretto <8.442.06.1 Amazon / Corretto		<8.442.06.1
IBM Storage Scale <5.1.9.8 IBM / Storage Scale		<5.1.9.8
Amazon Corretto <11.0.26.4.1 Amazon / Corretto		<11.0.26.4.1
HCL Commerce <9.1.18 HCL / Commerce		<9.1.18

CVE-2024-21211

Affected products

Known affected 94 products

Product	Identifier	Version
IBM Business Automation Workflow 23.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.1`	23.0.1
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition: 20.3.15
IBM Sterling Connect:Direct <6.2.0.26 IBM / Sterling Connect:Direct		<6.2.0.26
Oracle Java SE Oracle Java SE 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_17.0.12`	Oracle Java SE 17.0.12
IBM Storwize V5000 IBM / Storwize	`cpe:/a:ibm:storwize:v5000`	V5000
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM Storwize V5100 IBM / Storwize	`cpe:/a:ibm:storwize:v5100`	V5100
Oracle Java SE Oracle Java SE 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_23`	Oracle Java SE 23
IBM App Connect Enterprise <12.0.12.9 IBM / App Connect Enterprise		<12.0.12.9
Oracle Java SE Oracle Java SE 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_21.0.4`	Oracle Java SE 21.0.4
IBM App Connect Enterprise <13.0.2.0 IBM / App Connect Enterprise		<13.0.2.0
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM WebSphere Application Server 8.5 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:8.5`	8.5
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
Oracle Java SE Oracle Java SE 8u421 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_8u421`	Oracle Java SE 8u421
IBM Spectrum Protect IBM	`cpe:/a:ibm:spectrum_protect:-`	—
IBM WebSphere Application Server 9.0 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:9.0`	9
Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition 20.3.15
Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11`	Oracle GraalVM Enterprise Edition 21.3.11
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
Oracle Java SE Oracle Java SE 11.0.24 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_11.0.24`	Oracle Java SE 11.0.24
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
IBM SAN Volume Controller IBM	`cpe:/a:ibm:san_volume_controller:-`	—
IBM Storwize V7000 IBM / Storwize	`cpe:/a:ibm:storwize:v7000`	V7000
Oracle Java SE Oracle GraalVM for JDK 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23`	Oracle GraalVM for JDK 23
IBM MQ 9.3 IBM / MQ	`cpe:/a:ibm:mq:9.3`	9.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Java IBM	`cpe:/a:ibm:jre:-`	—
IBM Sterling Connect:Direct 6.3 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3`	6.3
IBM Sterling Connect:Direct 6.2 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2`	6.2
IBM Sterling Connect:Direct 6.1 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1`	6.1
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
IBM Business Automation Workflow 23.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.2`	23.0.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Dell NetWorker Runtime Environment <8.0.23 Dell / NetWorker		Runtime Environment <8.0.23
IBM Sterling Connect:Direct for Unix <6.3.0.4.iFix004 IBM / Sterling Connect:Direct		for Unix <6.3.0.4.iFix004
IBM Sterling Connect:Direct for Unix <6.1.0.4.iFix121 IBM / Sterling Connect:Direct		for Unix <6.1.0.4.iFix121
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Business Automation Workflow 22.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:22.0.2`	22.0.2
IBM Sterling Connect:Direct 6.4.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.4.0`	6.4.0
IBM Sterling Connect:Direct 6.3.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3.0`	6.3.0
IBM WebSphere Service Registry and Repository 8.5 IBM / WebSphere Service Registry and Repository	`cpe:/a:ibm:websphere_service_registry_and_repository:8.5`	8.5
IBM Sterling Connect:Direct for Unix <6.4.0.1.iFix005 IBM / Sterling Connect:Direct		for Unix <6.4.0.1.iFix005
IBM WebSphere Application Server liberty IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:liberty`	liberty
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale System <6.2.2.1 IBM / Storage Scale System		<6.2.2.1
IBM Storage Scale System <6.1.9.6 IBM / Storage Scale System		<6.1.9.6
IBM MQ 9.4 IBM / MQ	`cpe:/a:ibm:mq:9.4`	9.4
IBM QRadar SIEM <7.5.0 UP10 IF01 IBM / QRadar SIEM		<7.5.0 UP10 IF01
IBM FlashSystem 9100 Family IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9100_family`	9100 Family
IBM FlashSystem 9200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9200`	9200
IBM MQ Container 9.4.2.0-r1 IBM / MQ	`cpe:/a:ibm:mq:container_9.4.2.0-r1`	Container 9.4.2.0-r1
IBM FlashSystem V9000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:v9000`	V9000
IBM MQ Operator v3.2.9 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.2.9`	Operator v3.2.9
IBM FlashSystem 9500 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9500`	9500
IBM MQ Operator v3.5.0 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.5.0`	Operator v3.5.0
IBM Storwize V5000E IBM / Storwize	`cpe:/a:ibm:storwize:v5000e`	V5000E
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM SPSS SPSS Collaboration and Deployment Services 8.5 IBM / SPSS	`cpe:/a:ibm:spss:spss_collaboration_and_deployment_services_8.5`	SPSS Collaboration and Deployment Services 8.5
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
IBM Sterling Connect:Direct <6.1.0.27 IBM / Sterling Connect:Direct		<6.1.0.27
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
IBM TXSeries for multiplatforms IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms`	for multiplatforms
Oracle Java SE Oracle GraalVM for JDK 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12`	Oracle GraalVM for JDK 17.0.12
Oracle Java SE Oracle GraalVM for JDK 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4`	Oracle GraalVM for JDK 21.0.4
IBM Business Automation Workflow <24.0.1-IF002 IBM / Business Automation Workflow		<24.0.1-IF002
IBM Business Automation Workflow <24.0.0-IF005 IBM / Business Automation Workflow		<24.0.0-IF005
IBM MQ 9.1 IBM / MQ	`cpe:/a:ibm:mq:9.1`	9.1
IBM MQ 9.2 IBM / MQ	`cpe:/a:ibm:mq:9.2`	9.2
IBM FlashSystem 7300 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7300`	7300
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
IBM QRadar SIEM <7.5.0 UP11 IF01 IBM / QRadar SIEM		<7.5.0 UP11 IF01
IBM Sterling Connect:Direct for Unix 6.2.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2.0::unix`	for Unix 6.2.0
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM FlashSystem 5000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5000`	5000
IBM Sterling Connect:Direct for Unix 6.1.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1.0::unix`	for Unix 6.1.0
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
IBM FlashSystem 7200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7200`	7200
IBM Storage Scale <5.2.2.1 IBM / Storage Scale		<5.2.2.1
IBM FlashSystem 5200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5200`	5200
Amazon Corretto <8.442.06.1 Amazon / Corretto		<8.442.06.1
IBM Storage Scale <5.1.9.8 IBM / Storage Scale		<5.1.9.8
Amazon Corretto <11.0.26.4.1 Amazon / Corretto		<11.0.26.4.1
HCL Commerce <9.1.18 HCL / Commerce		<9.1.18

CVE-2024-21217

Affected products

Known affected 94 products

Product	Identifier	Version
IBM Business Automation Workflow 23.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.1`	23.0.1
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition: 20.3.15
IBM Sterling Connect:Direct <6.2.0.26 IBM / Sterling Connect:Direct		<6.2.0.26
Oracle Java SE Oracle Java SE 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_17.0.12`	Oracle Java SE 17.0.12
IBM Storwize V5000 IBM / Storwize	`cpe:/a:ibm:storwize:v5000`	V5000
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM Storwize V5100 IBM / Storwize	`cpe:/a:ibm:storwize:v5100`	V5100
Oracle Java SE Oracle Java SE 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_23`	Oracle Java SE 23
IBM App Connect Enterprise <12.0.12.9 IBM / App Connect Enterprise		<12.0.12.9
Oracle Java SE Oracle Java SE 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_21.0.4`	Oracle Java SE 21.0.4
IBM App Connect Enterprise <13.0.2.0 IBM / App Connect Enterprise		<13.0.2.0
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM WebSphere Application Server 8.5 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:8.5`	8.5
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
Oracle Java SE Oracle Java SE 8u421 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_8u421`	Oracle Java SE 8u421
IBM Spectrum Protect IBM	`cpe:/a:ibm:spectrum_protect:-`	—
IBM WebSphere Application Server 9.0 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:9.0`	9
Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition 20.3.15
Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11`	Oracle GraalVM Enterprise Edition 21.3.11
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
Oracle Java SE Oracle Java SE 11.0.24 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_11.0.24`	Oracle Java SE 11.0.24
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
IBM SAN Volume Controller IBM	`cpe:/a:ibm:san_volume_controller:-`	—
IBM Storwize V7000 IBM / Storwize	`cpe:/a:ibm:storwize:v7000`	V7000
Oracle Java SE Oracle GraalVM for JDK 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23`	Oracle GraalVM for JDK 23
IBM MQ 9.3 IBM / MQ	`cpe:/a:ibm:mq:9.3`	9.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Java IBM	`cpe:/a:ibm:jre:-`	—
IBM Sterling Connect:Direct 6.3 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3`	6.3
IBM Sterling Connect:Direct 6.2 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2`	6.2
IBM Sterling Connect:Direct 6.1 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1`	6.1
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
IBM Business Automation Workflow 23.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.2`	23.0.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Dell NetWorker Runtime Environment <8.0.23 Dell / NetWorker		Runtime Environment <8.0.23
IBM Sterling Connect:Direct for Unix <6.3.0.4.iFix004 IBM / Sterling Connect:Direct		for Unix <6.3.0.4.iFix004
IBM Sterling Connect:Direct for Unix <6.1.0.4.iFix121 IBM / Sterling Connect:Direct		for Unix <6.1.0.4.iFix121
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Business Automation Workflow 22.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:22.0.2`	22.0.2
IBM Sterling Connect:Direct 6.4.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.4.0`	6.4.0
IBM Sterling Connect:Direct 6.3.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3.0`	6.3.0
IBM WebSphere Service Registry and Repository 8.5 IBM / WebSphere Service Registry and Repository	`cpe:/a:ibm:websphere_service_registry_and_repository:8.5`	8.5
IBM Sterling Connect:Direct for Unix <6.4.0.1.iFix005 IBM / Sterling Connect:Direct		for Unix <6.4.0.1.iFix005
IBM WebSphere Application Server liberty IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:liberty`	liberty
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale System <6.2.2.1 IBM / Storage Scale System		<6.2.2.1
IBM Storage Scale System <6.1.9.6 IBM / Storage Scale System		<6.1.9.6
IBM MQ 9.4 IBM / MQ	`cpe:/a:ibm:mq:9.4`	9.4
IBM QRadar SIEM <7.5.0 UP10 IF01 IBM / QRadar SIEM		<7.5.0 UP10 IF01
IBM FlashSystem 9100 Family IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9100_family`	9100 Family
IBM FlashSystem 9200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9200`	9200
IBM MQ Container 9.4.2.0-r1 IBM / MQ	`cpe:/a:ibm:mq:container_9.4.2.0-r1`	Container 9.4.2.0-r1
IBM FlashSystem V9000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:v9000`	V9000
IBM MQ Operator v3.2.9 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.2.9`	Operator v3.2.9
IBM FlashSystem 9500 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9500`	9500
IBM MQ Operator v3.5.0 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.5.0`	Operator v3.5.0
IBM Storwize V5000E IBM / Storwize	`cpe:/a:ibm:storwize:v5000e`	V5000E
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM SPSS SPSS Collaboration and Deployment Services 8.5 IBM / SPSS	`cpe:/a:ibm:spss:spss_collaboration_and_deployment_services_8.5`	SPSS Collaboration and Deployment Services 8.5
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
IBM Sterling Connect:Direct <6.1.0.27 IBM / Sterling Connect:Direct		<6.1.0.27
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
IBM TXSeries for multiplatforms IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms`	for multiplatforms
Oracle Java SE Oracle GraalVM for JDK 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12`	Oracle GraalVM for JDK 17.0.12
Oracle Java SE Oracle GraalVM for JDK 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4`	Oracle GraalVM for JDK 21.0.4
IBM Business Automation Workflow <24.0.1-IF002 IBM / Business Automation Workflow		<24.0.1-IF002
IBM Business Automation Workflow <24.0.0-IF005 IBM / Business Automation Workflow		<24.0.0-IF005
IBM MQ 9.1 IBM / MQ	`cpe:/a:ibm:mq:9.1`	9.1
IBM MQ 9.2 IBM / MQ	`cpe:/a:ibm:mq:9.2`	9.2
IBM FlashSystem 7300 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7300`	7300
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
IBM QRadar SIEM <7.5.0 UP11 IF01 IBM / QRadar SIEM		<7.5.0 UP11 IF01
IBM Sterling Connect:Direct for Unix 6.2.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2.0::unix`	for Unix 6.2.0
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM FlashSystem 5000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5000`	5000
IBM Sterling Connect:Direct for Unix 6.1.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1.0::unix`	for Unix 6.1.0
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
IBM FlashSystem 7200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7200`	7200
IBM Storage Scale <5.2.2.1 IBM / Storage Scale		<5.2.2.1
IBM FlashSystem 5200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5200`	5200
Amazon Corretto <8.442.06.1 Amazon / Corretto		<8.442.06.1
IBM Storage Scale <5.1.9.8 IBM / Storage Scale		<5.1.9.8
Amazon Corretto <11.0.26.4.1 Amazon / Corretto		<11.0.26.4.1
HCL Commerce <9.1.18 HCL / Commerce		<9.1.18

CVE-2024-21235

Affected products

Known affected 94 products

Product	Identifier	Version
IBM Business Automation Workflow 23.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.1`	23.0.1
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition: 20.3.15
IBM Sterling Connect:Direct <6.2.0.26 IBM / Sterling Connect:Direct		<6.2.0.26
Oracle Java SE Oracle Java SE 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_17.0.12`	Oracle Java SE 17.0.12
IBM Storwize V5000 IBM / Storwize	`cpe:/a:ibm:storwize:v5000`	V5000
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM Storwize V5100 IBM / Storwize	`cpe:/a:ibm:storwize:v5100`	V5100
Oracle Java SE Oracle Java SE 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_23`	Oracle Java SE 23
IBM App Connect Enterprise <12.0.12.9 IBM / App Connect Enterprise		<12.0.12.9
Oracle Java SE Oracle Java SE 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_21.0.4`	Oracle Java SE 21.0.4
IBM App Connect Enterprise <13.0.2.0 IBM / App Connect Enterprise		<13.0.2.0
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM WebSphere Application Server 8.5 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:8.5`	8.5
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
Oracle Java SE Oracle Java SE 8u421 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_8u421`	Oracle Java SE 8u421
IBM Spectrum Protect IBM	`cpe:/a:ibm:spectrum_protect:-`	—
IBM WebSphere Application Server 9.0 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:9.0`	9
Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition 20.3.15
Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11`	Oracle GraalVM Enterprise Edition 21.3.11
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
Oracle Java SE Oracle Java SE 11.0.24 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_11.0.24`	Oracle Java SE 11.0.24
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
IBM SAN Volume Controller IBM	`cpe:/a:ibm:san_volume_controller:-`	—
IBM Storwize V7000 IBM / Storwize	`cpe:/a:ibm:storwize:v7000`	V7000
Oracle Java SE Oracle GraalVM for JDK 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23`	Oracle GraalVM for JDK 23
IBM MQ 9.3 IBM / MQ	`cpe:/a:ibm:mq:9.3`	9.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Java IBM	`cpe:/a:ibm:jre:-`	—
IBM Sterling Connect:Direct 6.3 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3`	6.3
IBM Sterling Connect:Direct 6.2 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2`	6.2
IBM Sterling Connect:Direct 6.1 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1`	6.1
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
IBM Business Automation Workflow 23.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.2`	23.0.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Dell NetWorker Runtime Environment <8.0.23 Dell / NetWorker		Runtime Environment <8.0.23
IBM Sterling Connect:Direct for Unix <6.3.0.4.iFix004 IBM / Sterling Connect:Direct		for Unix <6.3.0.4.iFix004
IBM Sterling Connect:Direct for Unix <6.1.0.4.iFix121 IBM / Sterling Connect:Direct		for Unix <6.1.0.4.iFix121
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Business Automation Workflow 22.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:22.0.2`	22.0.2
IBM Sterling Connect:Direct 6.4.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.4.0`	6.4.0
IBM Sterling Connect:Direct 6.3.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3.0`	6.3.0
IBM WebSphere Service Registry and Repository 8.5 IBM / WebSphere Service Registry and Repository	`cpe:/a:ibm:websphere_service_registry_and_repository:8.5`	8.5
IBM Sterling Connect:Direct for Unix <6.4.0.1.iFix005 IBM / Sterling Connect:Direct		for Unix <6.4.0.1.iFix005
IBM WebSphere Application Server liberty IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:liberty`	liberty
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale System <6.2.2.1 IBM / Storage Scale System		<6.2.2.1
IBM Storage Scale System <6.1.9.6 IBM / Storage Scale System		<6.1.9.6
IBM MQ 9.4 IBM / MQ	`cpe:/a:ibm:mq:9.4`	9.4
IBM QRadar SIEM <7.5.0 UP10 IF01 IBM / QRadar SIEM		<7.5.0 UP10 IF01
IBM FlashSystem 9100 Family IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9100_family`	9100 Family
IBM FlashSystem 9200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9200`	9200
IBM MQ Container 9.4.2.0-r1 IBM / MQ	`cpe:/a:ibm:mq:container_9.4.2.0-r1`	Container 9.4.2.0-r1
IBM FlashSystem V9000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:v9000`	V9000
IBM MQ Operator v3.2.9 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.2.9`	Operator v3.2.9
IBM FlashSystem 9500 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9500`	9500
IBM MQ Operator v3.5.0 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.5.0`	Operator v3.5.0
IBM Storwize V5000E IBM / Storwize	`cpe:/a:ibm:storwize:v5000e`	V5000E
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM SPSS SPSS Collaboration and Deployment Services 8.5 IBM / SPSS	`cpe:/a:ibm:spss:spss_collaboration_and_deployment_services_8.5`	SPSS Collaboration and Deployment Services 8.5
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
IBM Sterling Connect:Direct <6.1.0.27 IBM / Sterling Connect:Direct		<6.1.0.27
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
IBM TXSeries for multiplatforms IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms`	for multiplatforms
Oracle Java SE Oracle GraalVM for JDK 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12`	Oracle GraalVM for JDK 17.0.12
Oracle Java SE Oracle GraalVM for JDK 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4`	Oracle GraalVM for JDK 21.0.4
IBM Business Automation Workflow <24.0.1-IF002 IBM / Business Automation Workflow		<24.0.1-IF002
IBM Business Automation Workflow <24.0.0-IF005 IBM / Business Automation Workflow		<24.0.0-IF005
IBM MQ 9.1 IBM / MQ	`cpe:/a:ibm:mq:9.1`	9.1
IBM MQ 9.2 IBM / MQ	`cpe:/a:ibm:mq:9.2`	9.2
IBM FlashSystem 7300 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7300`	7300
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
IBM QRadar SIEM <7.5.0 UP11 IF01 IBM / QRadar SIEM		<7.5.0 UP11 IF01
IBM Sterling Connect:Direct for Unix 6.2.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2.0::unix`	for Unix 6.2.0
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM FlashSystem 5000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5000`	5000
IBM Sterling Connect:Direct for Unix 6.1.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1.0::unix`	for Unix 6.1.0
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
IBM FlashSystem 7200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7200`	7200
IBM Storage Scale <5.2.2.1 IBM / Storage Scale		<5.2.2.1
IBM FlashSystem 5200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5200`	5200
Amazon Corretto <8.442.06.1 Amazon / Corretto		<8.442.06.1
IBM Storage Scale <5.1.9.8 IBM / Storage Scale		<5.1.9.8
Amazon Corretto <11.0.26.4.1 Amazon / Corretto		<11.0.26.4.1
HCL Commerce <9.1.18 HCL / Commerce		<9.1.18

CVE-2024-25062

Affected products

Known affected 94 products

Product	Identifier	Version
IBM Business Automation Workflow 23.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.1`	23.0.1
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition: 20.3.15
IBM Sterling Connect:Direct <6.2.0.26 IBM / Sterling Connect:Direct		<6.2.0.26
Oracle Java SE Oracle Java SE 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_17.0.12`	Oracle Java SE 17.0.12
IBM Storwize V5000 IBM / Storwize	`cpe:/a:ibm:storwize:v5000`	V5000
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM Storwize V5100 IBM / Storwize	`cpe:/a:ibm:storwize:v5100`	V5100
Oracle Java SE Oracle Java SE 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_23`	Oracle Java SE 23
IBM App Connect Enterprise <12.0.12.9 IBM / App Connect Enterprise		<12.0.12.9
Oracle Java SE Oracle Java SE 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_21.0.4`	Oracle Java SE 21.0.4
IBM App Connect Enterprise <13.0.2.0 IBM / App Connect Enterprise		<13.0.2.0
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM WebSphere Application Server 8.5 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:8.5`	8.5
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
Oracle Java SE Oracle Java SE 8u421 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_8u421`	Oracle Java SE 8u421
IBM Spectrum Protect IBM	`cpe:/a:ibm:spectrum_protect:-`	—
IBM WebSphere Application Server 9.0 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:9.0`	9
Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition 20.3.15
Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11`	Oracle GraalVM Enterprise Edition 21.3.11
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
Oracle Java SE Oracle Java SE 11.0.24 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_11.0.24`	Oracle Java SE 11.0.24
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
IBM SAN Volume Controller IBM	`cpe:/a:ibm:san_volume_controller:-`	—
IBM Storwize V7000 IBM / Storwize	`cpe:/a:ibm:storwize:v7000`	V7000
Oracle Java SE Oracle GraalVM for JDK 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23`	Oracle GraalVM for JDK 23
IBM MQ 9.3 IBM / MQ	`cpe:/a:ibm:mq:9.3`	9.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Java IBM	`cpe:/a:ibm:jre:-`	—
IBM Sterling Connect:Direct 6.3 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3`	6.3
IBM Sterling Connect:Direct 6.2 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2`	6.2
IBM Sterling Connect:Direct 6.1 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1`	6.1
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
IBM Business Automation Workflow 23.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.2`	23.0.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Dell NetWorker Runtime Environment <8.0.23 Dell / NetWorker		Runtime Environment <8.0.23
IBM Sterling Connect:Direct for Unix <6.3.0.4.iFix004 IBM / Sterling Connect:Direct		for Unix <6.3.0.4.iFix004
IBM Sterling Connect:Direct for Unix <6.1.0.4.iFix121 IBM / Sterling Connect:Direct		for Unix <6.1.0.4.iFix121
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Business Automation Workflow 22.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:22.0.2`	22.0.2
IBM Sterling Connect:Direct 6.4.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.4.0`	6.4.0
IBM Sterling Connect:Direct 6.3.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3.0`	6.3.0
IBM WebSphere Service Registry and Repository 8.5 IBM / WebSphere Service Registry and Repository	`cpe:/a:ibm:websphere_service_registry_and_repository:8.5`	8.5
IBM Sterling Connect:Direct for Unix <6.4.0.1.iFix005 IBM / Sterling Connect:Direct		for Unix <6.4.0.1.iFix005
IBM WebSphere Application Server liberty IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:liberty`	liberty
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale System <6.2.2.1 IBM / Storage Scale System		<6.2.2.1
IBM Storage Scale System <6.1.9.6 IBM / Storage Scale System		<6.1.9.6
IBM MQ 9.4 IBM / MQ	`cpe:/a:ibm:mq:9.4`	9.4
IBM QRadar SIEM <7.5.0 UP10 IF01 IBM / QRadar SIEM		<7.5.0 UP10 IF01
IBM FlashSystem 9100 Family IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9100_family`	9100 Family
IBM FlashSystem 9200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9200`	9200
IBM MQ Container 9.4.2.0-r1 IBM / MQ	`cpe:/a:ibm:mq:container_9.4.2.0-r1`	Container 9.4.2.0-r1
IBM FlashSystem V9000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:v9000`	V9000
IBM MQ Operator v3.2.9 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.2.9`	Operator v3.2.9
IBM FlashSystem 9500 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9500`	9500
IBM MQ Operator v3.5.0 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.5.0`	Operator v3.5.0
IBM Storwize V5000E IBM / Storwize	`cpe:/a:ibm:storwize:v5000e`	V5000E
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM SPSS SPSS Collaboration and Deployment Services 8.5 IBM / SPSS	`cpe:/a:ibm:spss:spss_collaboration_and_deployment_services_8.5`	SPSS Collaboration and Deployment Services 8.5
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
IBM Sterling Connect:Direct <6.1.0.27 IBM / Sterling Connect:Direct		<6.1.0.27
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
IBM TXSeries for multiplatforms IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms`	for multiplatforms
Oracle Java SE Oracle GraalVM for JDK 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12`	Oracle GraalVM for JDK 17.0.12
Oracle Java SE Oracle GraalVM for JDK 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4`	Oracle GraalVM for JDK 21.0.4
IBM Business Automation Workflow <24.0.1-IF002 IBM / Business Automation Workflow		<24.0.1-IF002
IBM Business Automation Workflow <24.0.0-IF005 IBM / Business Automation Workflow		<24.0.0-IF005
IBM MQ 9.1 IBM / MQ	`cpe:/a:ibm:mq:9.1`	9.1
IBM MQ 9.2 IBM / MQ	`cpe:/a:ibm:mq:9.2`	9.2
IBM FlashSystem 7300 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7300`	7300
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
IBM QRadar SIEM <7.5.0 UP11 IF01 IBM / QRadar SIEM		<7.5.0 UP11 IF01
IBM Sterling Connect:Direct for Unix 6.2.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2.0::unix`	for Unix 6.2.0
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM FlashSystem 5000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5000`	5000
IBM Sterling Connect:Direct for Unix 6.1.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1.0::unix`	for Unix 6.1.0
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
IBM FlashSystem 7200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7200`	7200
IBM Storage Scale <5.2.2.1 IBM / Storage Scale		<5.2.2.1
IBM FlashSystem 5200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5200`	5200
Amazon Corretto <8.442.06.1 Amazon / Corretto		<8.442.06.1
IBM Storage Scale <5.1.9.8 IBM / Storage Scale		<5.1.9.8
Amazon Corretto <11.0.26.4.1 Amazon / Corretto		<11.0.26.4.1
HCL Commerce <9.1.18 HCL / Commerce		<9.1.18

CVE-2024-36138

Affected products

Known affected 94 products

Product	Identifier	Version
IBM Business Automation Workflow 23.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.1`	23.0.1
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition: 20.3.15
IBM Sterling Connect:Direct <6.2.0.26 IBM / Sterling Connect:Direct		<6.2.0.26
Oracle Java SE Oracle Java SE 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_17.0.12`	Oracle Java SE 17.0.12
IBM Storwize V5000 IBM / Storwize	`cpe:/a:ibm:storwize:v5000`	V5000
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM Storwize V5100 IBM / Storwize	`cpe:/a:ibm:storwize:v5100`	V5100
Oracle Java SE Oracle Java SE 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_23`	Oracle Java SE 23
IBM App Connect Enterprise <12.0.12.9 IBM / App Connect Enterprise		<12.0.12.9
Oracle Java SE Oracle Java SE 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_21.0.4`	Oracle Java SE 21.0.4
IBM App Connect Enterprise <13.0.2.0 IBM / App Connect Enterprise		<13.0.2.0
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM WebSphere Application Server 8.5 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:8.5`	8.5
IBM Rational Business Developer 9.6 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.6`	9.6
Oracle Java SE Oracle Java SE 8u421 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_8u421`	Oracle Java SE 8u421
IBM Spectrum Protect IBM	`cpe:/a:ibm:spectrum_protect:-`	—
IBM WebSphere Application Server 9.0 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:9.0`	9
Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15`	Oracle GraalVM Enterprise Edition 20.3.15
Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11`	Oracle GraalVM Enterprise Edition 21.3.11
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
Oracle Java SE Oracle Java SE 11.0.24 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_java_se_11.0.24`	Oracle Java SE 11.0.24
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
IBM SAN Volume Controller IBM	`cpe:/a:ibm:san_volume_controller:-`	—
IBM Storwize V7000 IBM / Storwize	`cpe:/a:ibm:storwize:v7000`	V7000
Oracle Java SE Oracle GraalVM for JDK 23 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23`	Oracle GraalVM for JDK 23
IBM MQ 9.3 IBM / MQ	`cpe:/a:ibm:mq:9.3`	9.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Rational Business Developer 9.7 IBM / Rational Business Developer	`cpe:/a:ibm:rational_business_developer:9.7`	9.7
IBM Java IBM	`cpe:/a:ibm:jre:-`	—
IBM Sterling Connect:Direct 6.3 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3`	6.3
IBM Sterling Connect:Direct 6.2 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2`	6.2
IBM Sterling Connect:Direct 6.1 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1`	6.1
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
IBM Business Automation Workflow 23.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:23.0.2`	23.0.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Dell NetWorker Runtime Environment <8.0.23 Dell / NetWorker		Runtime Environment <8.0.23
IBM Sterling Connect:Direct for Unix <6.3.0.4.iFix004 IBM / Sterling Connect:Direct		for Unix <6.3.0.4.iFix004
IBM Sterling Connect:Direct for Unix <6.1.0.4.iFix121 IBM / Sterling Connect:Direct		for Unix <6.1.0.4.iFix121
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Business Automation Workflow 22.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:22.0.2`	22.0.2
IBM Sterling Connect:Direct 6.4.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.4.0`	6.4.0
IBM Sterling Connect:Direct 6.3.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.3.0`	6.3.0
IBM WebSphere Service Registry and Repository 8.5 IBM / WebSphere Service Registry and Repository	`cpe:/a:ibm:websphere_service_registry_and_repository:8.5`	8.5
IBM Sterling Connect:Direct for Unix <6.4.0.1.iFix005 IBM / Sterling Connect:Direct		for Unix <6.4.0.1.iFix005
IBM WebSphere Application Server liberty IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:liberty`	liberty
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Storage Scale System <6.2.2.1 IBM / Storage Scale System		<6.2.2.1
IBM Storage Scale System <6.1.9.6 IBM / Storage Scale System		<6.1.9.6
IBM MQ 9.4 IBM / MQ	`cpe:/a:ibm:mq:9.4`	9.4
IBM QRadar SIEM <7.5.0 UP10 IF01 IBM / QRadar SIEM		<7.5.0 UP10 IF01
IBM FlashSystem 9100 Family IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9100_family`	9100 Family
IBM FlashSystem 9200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9200`	9200
IBM MQ Container 9.4.2.0-r1 IBM / MQ	`cpe:/a:ibm:mq:container_9.4.2.0-r1`	Container 9.4.2.0-r1
IBM FlashSystem V9000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:v9000`	V9000
IBM MQ Operator v3.2.9 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.2.9`	Operator v3.2.9
IBM FlashSystem 9500 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:9500`	9500
IBM MQ Operator v3.5.0 IBM / MQ	`cpe:/a:ibm:mq:operator_v3.5.0`	Operator v3.5.0
IBM Storwize V5000E IBM / Storwize	`cpe:/a:ibm:storwize:v5000e`	V5000E
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM SPSS SPSS Collaboration and Deployment Services 8.5 IBM / SPSS	`cpe:/a:ibm:spss:spss_collaboration_and_deployment_services_8.5`	SPSS Collaboration and Deployment Services 8.5
IBM Power Hardware Management Console v10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	v10
IBM Sterling Connect:Direct <6.1.0.27 IBM / Sterling Connect:Direct		<6.1.0.27
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
IBM TXSeries for multiplatforms IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms`	for multiplatforms
Oracle Java SE Oracle GraalVM for JDK 17.0.12 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12`	Oracle GraalVM for JDK 17.0.12
Oracle Java SE Oracle GraalVM for JDK 21.0.4 Oracle / Java SE	`cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4`	Oracle GraalVM for JDK 21.0.4
IBM Business Automation Workflow <24.0.1-IF002 IBM / Business Automation Workflow		<24.0.1-IF002
IBM Business Automation Workflow <24.0.0-IF005 IBM / Business Automation Workflow		<24.0.0-IF005
IBM MQ 9.1 IBM / MQ	`cpe:/a:ibm:mq:9.1`	9.1
IBM MQ 9.2 IBM / MQ	`cpe:/a:ibm:mq:9.2`	9.2
IBM FlashSystem 7300 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7300`	7300
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
IBM QRadar SIEM <7.5.0 UP11 IF01 IBM / QRadar SIEM		<7.5.0 UP11 IF01
IBM Sterling Connect:Direct for Unix 6.2.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.2.0::unix`	for Unix 6.2.0
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM FlashSystem 5000 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5000`	5000
IBM Sterling Connect:Direct for Unix 6.1.0 IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:6.1.0::unix`	for Unix 6.1.0
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
IBM FlashSystem 7200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:7200`	7200
IBM Storage Scale <5.2.2.1 IBM / Storage Scale		<5.2.2.1
IBM FlashSystem 5200 IBM / FlashSystem	`cpe:/a:ibm:flashsystem:5200`	5200
Amazon Corretto <8.442.06.1 Amazon / Corretto		<8.442.06.1
IBM Storage Scale <5.1.9.8 IBM / Storage Scale		<5.1.9.8
Amazon Corretto <11.0.26.4.1 Amazon / Corretto		<11.0.26.4.1
HCL Commerce <9.1.18 HCL / Commerce		<9.1.18

References

90 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuoct2024…	external
https://docs.azul.com/core/pdfs/october-2024/azul…	external
https://access.redhat.com/errata/RHSA-2024:8120	external
https://access.redhat.com/errata/RHSA-2024:8121	external
https://access.redhat.com/errata/RHSA-2024:8122	external
https://access.redhat.com/errata/RHSA-2024:8119	external
https://access.redhat.com/errata/RHSA-2024:8124	external
https://access.redhat.com/errata/RHSA-2024:8118	external
https://access.redhat.com/errata/RHSA-2024:8128	external
https://access.redhat.com/errata/RHSA-2024:8129	external
https://access.redhat.com/errata/RHSA-2024:8125	external
https://access.redhat.com/errata/RHSA-2024:8127	external
https://access.redhat.com/errata/RHSA-2024:8123	external
https://access.redhat.com/errata/RHSA-2024:8126	external
https://linux.oracle.com/errata/ELSA-2024-8121.html	external
https://access.redhat.com/errata/RHSA-2024:8116	external
https://rhn.redhat.com/errata/RHSA-2024:8117.html	external
https://linux.oracle.com/errata/ELSA-2024-8127.html	external
https://linux.oracle.com/errata/ELSA-2024-8117.html	external
https://linux.oracle.com/errata/ELSA-2024-8124.html	external
https://lists.debian.org/debian-lts-announce/2024…	external
https://lists.debian.org/debian-lts-announce/2024…	external
https://lists.debian.org/debian-security-announce…	external
https://openjdk.org/groups/vulnerability/advisori…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7174634	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://www.hitachi.com/products/it/software/secu…	external
https://lists.opensuse.org/archives/list/security…	external
https://ubuntu.com/security/notices/USN-7097-1	external
https://ubuntu.com/security/notices/USN-7096-1	external
https://ubuntu.com/security/notices/USN-7099-1	external
https://ubuntu.com/security/notices/USN-7098-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://ubuntu.com/security/notices/USN-7124-1	external
https://linux.oracle.com/errata/ELSA-2024-8116.html	external
https://linux.oracle.com/errata/ELSA-2024-8120.html	external
https://www.dell.com/support/kbdoc/de-de/00025588…	external
https://www.ibm.com/support/pages/node/7177827	external
https://lists.opensuse.org/archives/list/security…	external
https://www.ibm.com/support/pages/node/7177984	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7178094	external
https://security.gentoo.org/glsa/202412-07	external
https://access.redhat.com/errata/RHSA-2024:10926	external
https://www.ibm.com/support/pages/node/7178390	external
https://lists.opensuse.org/archives/list/security…	external
https://alas.aws.amazon.com/AL2/ALAS-2024-2720.html	external
https://www.ibm.com/support/pages/node/7180215	external
https://www.ibm.com/support/pages/node/7180388	external
https://github.com/corretto/corretto-11/blob/ece6…	external
https://github.com/corretto/corretto-8/blob/14eb6…	external
https://www.ibm.com/support/pages/node/7181346	external
https://www.ibm.com/support/pages/node/7182184	external
https://ubuntu.com/security/notices/USN-7096-2	external
https://www.ibm.com/support/pages/node/7182775	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7183091	external
https://www.ibm.com/support/pages/node/7181926	external
https://www.ibm.com/support/pages/node/7183567	external
https://www.ibm.com/support/pages/node/7183584	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://www.ibm.com/support/pages/node/7183993	external
https://www.ibm.com/support/pages/node/7184062	external
https://www.ibm.com/support/pages/node/7184453	external
https://www.ibm.com/support/pages/node/7184323	external
https://www.ibm.com/support/pages/node/7184326	external
https://www.ibm.com/support/pages/node/7184956	external
https://ubuntu.com/security/notices/USN-7338-1	external
https://ubuntu.com/security/notices/USN-7339-1	external
https://www.ibm.com/support/pages/node/7185372	external
https://www.ibm.com/support/pages/node/7229072	external
https://www.ibm.com/support/pages/node/7230332	external
https://www.ibm.com/support/pages/node/7230474	external
https://www.ibm.com/support/pages/node/7231817	external
https://www.ibm.com/support/pages/node/7232352	external
https://www.ibm.com/support/pages/node/7232437	external
https://support.hcl-software.com/csm?id=kb_articl…	external
https://security.netapp.com/advisory/NTAP-20241018-0010	external
https://www.ibm.com/support/pages/node/7237493	external
https://www.ibm.com/support/pages/node/7237492	external
https://www.ibm.com/support/pages/node/7237491	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3189 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3189.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3189 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3189"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Java SE vom 2024-10-15",
        "url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixJAVA"
      },
      {
        "category": "external",
        "summary": "Azul Zulu builds of OpenJDK vom 2024-10-15",
        "url": "https://docs.azul.com/core/pdfs/october-2024/azul-zulu-ca-release-notes-october-2024-rev1.0.pdf"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8120 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8120"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8121 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8121"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8122 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8122"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8119 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8119"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8124 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8124"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8118 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8118"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8128 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8128"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8129 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8129"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8125 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8125"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8127 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8127"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8123 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8123"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8126 vom 2024-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2024:8126"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-8121 vom 2024-10-18",
        "url": "https://linux.oracle.com/errata/ELSA-2024-8121.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8116 vom 2024-10-17",
        "url": "https://access.redhat.com/errata/RHSA-2024:8116"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8117 vom 2024-10-17",
        "url": "https://rhn.redhat.com/errata/RHSA-2024:8117.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-8127 vom 2024-10-18",
        "url": "https://linux.oracle.com/errata/ELSA-2024-8127.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-8117 vom 2024-10-18",
        "url": "https://linux.oracle.com/errata/ELSA-2024-8117.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-8124 vom 2024-10-18",
        "url": "https://linux.oracle.com/errata/ELSA-2024-8124.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3929 vom 2024-10-21",
        "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3927 vom 2024-10-21",
        "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00018.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5794 vom 2024-10-21",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00208.html"
      },
      {
        "category": "external",
        "summary": "OpenJDK Vulnerability Advisory",
        "url": "https://openjdk.org/groups/vulnerability/advisories/2024-10-15"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3802-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019718.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin",
        "url": "https://www.ibm.com/support/pages/node/7174634"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:14449-1 vom 2024-11-02",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CYPS4PNCRNNFM3OYJLTXOMYVAPX5WDWV/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:14448-1 vom 2024-11-02",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KDGJD2OULS4GVLFGY4DZH6L7TX3XS7RK/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3875-1 vom 2024-11-01",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GLU5JTTGFTD7YI4RRECCJZQWTOZHUSNK/"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-147 vom 2024-11-07",
        "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-147/index.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:14465-1 vom 2024-11-07",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XKGLVFB244SXCHDTKBD64C7SBDSC7V7W/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7097-1 vom 2024-11-11",
        "url": "https://ubuntu.com/security/notices/USN-7097-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7096-1 vom 2024-11-11",
        "url": "https://ubuntu.com/security/notices/USN-7096-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7099-1 vom 2024-11-11",
        "url": "https://ubuntu.com/security/notices/USN-7099-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7098-1 vom 2024-11-11",
        "url": "https://ubuntu.com/security/notices/USN-7098-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3963-1 vom 2024-11-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019804.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3963-1 vom 2024-11-11",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YF4VNHR3FWXUMWTELTEOVDEWZ6SVMYHZ/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3987-1 vom 2024-11-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019817.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7124-1 vom 2024-11-25",
        "url": "https://ubuntu.com/security/notices/USN-7124-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-8116 vom 2024-11-28",
        "url": "https://linux.oracle.com/errata/ELSA-2024-8116.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-8120 vom 2024-11-28",
        "url": "https://linux.oracle.com/errata/ELSA-2024-8120.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-477 vom 2024-12-03",
        "url": "https://www.dell.com/support/kbdoc/de-de/000255884/dsa-2024-477-security-update-for-dell-networker-runtime-environment-nre-multiple-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7177827 vom 2024-12-04",
        "url": "https://www.ibm.com/support/pages/node/7177827"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4202-1 vom 2024-12-05",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XPEHHO3XQ47QD6IA2ZDPCOMANOINIDBP/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7177984 vom 2024-12-05",
        "url": "https://www.ibm.com/support/pages/node/7177984"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4252-1 vom 2024-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019963.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7178094 vom 2024-12-06",
        "url": "https://www.ibm.com/support/pages/node/7178094"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202412-07 vom 2024-12-07",
        "url": "https://security.gentoo.org/glsa/202412-07"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10926 vom 2024-12-10",
        "url": "https://access.redhat.com/errata/RHSA-2024:10926"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7178390 vom 2024-12-10",
        "url": "https://www.ibm.com/support/pages/node/7178390"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4306-1 vom 2024-12-12",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MXBN2J5OLQHHEFQZKWDMPVG3S6TODMOZ/"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2720 vom 2024-12-20",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2720.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7180215 vom 2025-01-03",
        "url": "https://www.ibm.com/support/pages/node/7180215"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7180388 vom 2025-01-13",
        "url": "https://www.ibm.com/support/pages/node/7180388"
      },
      {
        "category": "external",
        "summary": "Change Log for Amazon Corretto 11 vom 2025-01-21",
        "url": "https://github.com/corretto/corretto-11/blob/ece67a968d57210c69d3b9153576613846c1cacf/CHANGELOG.md"
      },
      {
        "category": "external",
        "summary": "Change Log for Amazon Corretto 8 vom 2025-01-21",
        "url": "https://github.com/corretto/corretto-8/blob/14eb6b297ac476ca5734706b40903e5a69ecd74a/CHANGELOG.md"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7181346 vom 2025-01-22",
        "url": "https://www.ibm.com/support/pages/node/7181346"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7182184 vom 2025-01-31",
        "url": "https://www.ibm.com/support/pages/node/7182184"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7096-2 vom 2025-02-05",
        "url": "https://ubuntu.com/security/notices/USN-7096-2"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7182775 vom 2025-02-07",
        "url": "https://www.ibm.com/support/pages/node/7182775"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:14755-1 vom 2025-02-10",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T7KZSNPFAS32QHPRWSJGI2D4QTO3KWTH/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0435-1 vom 2025-02-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020317.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7183091 vom 2025-02-12",
        "url": "https://www.ibm.com/support/pages/node/7183091"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7181926 vom 2025-02-12",
        "url": "https://www.ibm.com/support/pages/node/7181926"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7183567 vom 2025-02-18",
        "url": "https://www.ibm.com/support/pages/node/7183567"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7183584 vom 2025-02-18",
        "url": "https://www.ibm.com/support/pages/node/7183584"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:0066-1 vom 2025-02-18",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GS63GCBRVH7N4JEIZNQAPVFNNVB2OGSU/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:0067-1 vom 2025-02-20",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XA5CCGSPUXUTQHDG25O5DM4G37BLRUMN/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7183993 vom 2025-02-22",
        "url": "https://www.ibm.com/support/pages/node/7183993"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7184062 vom 2025-02-25",
        "url": "https://www.ibm.com/support/pages/node/7184062"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7184453 vom 2025-02-28",
        "url": "https://www.ibm.com/support/pages/node/7184453"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7184323 vom 2025-02-27",
        "url": "https://www.ibm.com/support/pages/node/7184323"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7184326 vom 2025-02-27",
        "url": "https://www.ibm.com/support/pages/node/7184326"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7184956 vom 2025-03-06",
        "url": "https://www.ibm.com/support/pages/node/7184956"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7338-1 vom 2025-03-11",
        "url": "https://ubuntu.com/security/notices/USN-7338-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7339-1 vom 2025-03-11",
        "url": "https://ubuntu.com/security/notices/USN-7339-1"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7185372 vom 2025-03-11",
        "url": "https://www.ibm.com/support/pages/node/7185372"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7229072 vom 2025-03-26",
        "url": "https://www.ibm.com/support/pages/node/7229072"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7230332 vom 2025-04-08",
        "url": "https://www.ibm.com/support/pages/node/7230332"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7230474 vom 2025-04-09",
        "url": "https://www.ibm.com/support/pages/node/7230474"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7231817 vom 2025-04-25",
        "url": "https://www.ibm.com/support/pages/node/7231817"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7232352 vom 2025-05-02",
        "url": "https://www.ibm.com/support/pages/node/7232352"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7232437 vom 2025-05-03",
        "url": "https://www.ibm.com/support/pages/node/7232437"
      },
      {
        "category": "external",
        "summary": "HCL Article KB0121242 vom 2025-05-21",
        "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0121242"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20241018-0010 vom 2025-06-11",
        "url": "https://security.netapp.com/advisory/NTAP-20241018-0010"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7237493 vom 2025-06-20",
        "url": "https://www.ibm.com/support/pages/node/7237493"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7237492 vom 2025-06-20",
        "url": "https://www.ibm.com/support/pages/node/7237492"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7237491 vom 2025-06-20",
        "url": "https://www.ibm.com/support/pages/node/7237491"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Java SE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-22T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-23T07:15:18.832+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-3189",
      "initial_release_date": "2024-10-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-10-16T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-10-17T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2024-10-20T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-10-21T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-10-28T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-10-30T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-31T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-11-03T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von openSUSE und SUSE aufgenommen"
        },
        {
          "date": "2024-11-06T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2024-11-07T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2024-11-10T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-13T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-24T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-28T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-12-02T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-12-04T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-12-05T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von SUSE und IBM aufgenommen"
        },
        {
          "date": "2024-12-08T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE, IBM und Gentoo aufgenommen"
        },
        {
          "date": "2024-12-10T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat, IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2024-12-12T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-19T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-01-05T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-01-13T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-01-21T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2025-01-22T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-01-30T23:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-02-04T23:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-02-06T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-02-10T23:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-02-11T23:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von SUSE und IBM aufgenommen"
        },
        {
          "date": "2025-02-17T23:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2025-02-18T23:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von IBM und openSUSE aufgenommen"
        },
        {
          "date": "2025-02-19T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-02-23T23:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-02-24T23:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-02-27T23:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2025-03-06T23:00:00.000+00:00",
          "number": "38",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-03-10T23:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-03-11T23:00:00.000+00:00",
          "number": "40",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-03-26T23:00:00.000+00:00",
          "number": "41",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-04-08T22:00:00.000+00:00",
          "number": "42",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-04-09T22:00:00.000+00:00",
          "number": "43",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-04-27T22:00:00.000+00:00",
          "number": "44",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-05-01T22:00:00.000+00:00",
          "number": "45",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-05-04T22:00:00.000+00:00",
          "number": "46",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-05-21T22:00:00.000+00:00",
          "number": "47",
          "summary": "Neue Updates von HCL aufgenommen"
        },
        {
          "date": "2025-06-10T22:00:00.000+00:00",
          "number": "48",
          "summary": "Neue Updates von NetApp aufgenommen"
        },
        {
          "date": "2025-06-22T22:00:00.000+00:00",
          "number": "49",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "49"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c11.0.26.4.1",
                "product": {
                  "name": "Amazon Corretto \u003c11.0.26.4.1",
                  "product_id": "T040500"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.26.4.1",
                "product": {
                  "name": "Amazon Corretto 11.0.26.4.1",
                  "product_id": "T040500-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:amazon:corretto:11.0.26.4.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.442.06.1",
                "product": {
                  "name": "Amazon Corretto \u003c8.442.06.1",
                  "product_id": "T040501"
                }
              },
              {
                "category": "product_version",
                "name": "8.442.06.1",
                "product": {
                  "name": "Amazon Corretto 8.442.06.1",
                  "product_id": "T040501-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:amazon:corretto:8.442.06.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Corretto"
          },
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Azul Zulu",
            "product": {
              "name": "Azul Zulu",
              "product_id": "T036273",
              "product_identification_helper": {
                "cpe": "cpe:/a:azul:zulu:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Azul"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Runtime Environment \u003c8.0.23",
                "product": {
                  "name": "Dell NetWorker Runtime Environment \u003c8.0.23",
                  "product_id": "T039544"
                }
              },
              {
                "category": "product_version",
                "name": "Runtime Environment 8.0.23",
                "product": {
                  "name": "Dell NetWorker Runtime Environment 8.0.23",
                  "product_id": "T039544-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:runtime_environment__8.0.23"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.1.18",
                "product": {
                  "name": "HCL Commerce \u003c9.1.18",
                  "product_id": "T044069"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.18",
                "product": {
                  "name": "HCL Commerce 9.1.18",
                  "product_id": "T044069-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:9.1.18"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Commerce"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Hitachi Command Suite",
            "product": {
              "name": "Hitachi Command Suite",
              "product_id": "T038839",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:command_suite:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Configuration Manager",
            "product": {
              "name": "Hitachi Configuration Manager",
              "product_id": "T038841",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:configuration_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Ops Center",
            "product": {
              "name": "Hitachi Ops Center",
              "product_id": "T038840",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:ops_center:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.3",
                "product": {
                  "name": "IBM AIX 7.3",
                  "product_id": "1139691",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.2",
                "product": {
                  "name": "IBM AIX 7.2",
                  "product_id": "434967",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AIX"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c13.0.2.0",
                "product": {
                  "name": "IBM App Connect Enterprise \u003c13.0.2.0",
                  "product_id": "T039657"
                }
              },
              {
                "category": "product_version",
                "name": "13.0.2.0",
                "product": {
                  "name": "IBM App Connect Enterprise 13.0.2.0",
                  "product_id": "T039657-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.2.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.0.12.9",
                "product": {
                  "name": "IBM App Connect Enterprise \u003c12.0.12.9",
                  "product_id": "T039658"
                }
              },
              {
                "category": "product_version",
                "name": "12.0.12.9",
                "product": {
                  "name": "IBM App Connect Enterprise 12.0.12.9",
                  "product_id": "T039658-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "App Connect Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "22.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 22.0.2",
                  "product_id": "T029703",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:22.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 23.0.1",
                  "product_id": "T031216",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:23.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 23.0.2",
                  "product_id": "T033163",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:23.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "24.0.0",
                "product": {
                  "name": "IBM Business Automation Workflow 24.0.0",
                  "product_id": "T036570",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c24.0.1-IF002",
                "product": {
                  "name": "IBM Business Automation Workflow \u003c24.0.1-IF002",
                  "product_id": "T043290"
                }
              },
              {
                "category": "product_version",
                "name": "24.0.1-IF002",
                "product": {
                  "name": "IBM Business Automation Workflow 24.0.1-IF002",
                  "product_id": "T043290-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:24.0.1-if002"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c24.0.0-IF005",
                "product": {
                  "name": "IBM Business Automation Workflow \u003c24.0.0-IF005",
                  "product_id": "T043291"
                }
              },
              {
                "category": "product_version",
                "name": "24.0.0-IF005",
                "product": {
                  "name": "IBM Business Automation Workflow 24.0.0-IF005",
                  "product_id": "T043291-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0-if005"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Business Automation Workflow"
          },
          {
            "category": "product_name",
            "name": "IBM DB2",
            "product": {
              "name": "IBM DB2",
              "product_id": "5104",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:db2:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "V9000",
                "product": {
                  "name": "IBM FlashSystem V9000",
                  "product_id": "T026925",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:v9000"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9500",
                "product": {
                  "name": "IBM FlashSystem 9500",
                  "product_id": "T026926",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:9500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9100 Family",
                "product": {
                  "name": "IBM FlashSystem 9100 Family",
                  "product_id": "T026927",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:9100_family"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9200",
                "product": {
                  "name": "IBM FlashSystem 9200",
                  "product_id": "T026928",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:9200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7300",
                "product": {
                  "name": "IBM FlashSystem 7300",
                  "product_id": "T026929",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:7300"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7200",
                "product": {
                  "name": "IBM FlashSystem 7200",
                  "product_id": "T026930",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:7200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5200",
                "product": {
                  "name": "IBM FlashSystem 5200",
                  "product_id": "T026931",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:5200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5000",
                "product": {
                  "name": "IBM FlashSystem 5000",
                  "product_id": "T026932",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:flashsystem:5000"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FlashSystem"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.7",
                "product": {
                  "name": "IBM InfoSphere Information Server 11.7",
                  "product_id": "444803",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "InfoSphere Information Server"
          },
          {
            "category": "product_name",
            "name": "IBM Java",
            "product": {
              "name": "IBM Java",
              "product_id": "10699",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:jre:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.1",
                "product": {
                  "name": "IBM MQ 9.1",
                  "product_id": "T014765",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.2",
                "product": {
                  "name": "IBM MQ 9.2",
                  "product_id": "T016984",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.3",
                "product": {
                  "name": "IBM MQ 9.3",
                  "product_id": "T027879",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.4",
                "product": {
                  "name": "IBM MQ 9.4",
                  "product_id": "T035670",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Operator v3.5.0",
                "product": {
                  "name": "IBM MQ Operator v3.5.0",
                  "product_id": "T041481",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:operator_v3.5.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Operator v3.2.9",
                "product": {
                  "name": "IBM MQ Operator v3.2.9",
                  "product_id": "T041482",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:operator_v3.2.9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Container 9.4.2.0-r1",
                "product": {
                  "name": "IBM MQ Container 9.4.2.0-r1",
                  "product_id": "T041483",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:container_9.4.2.0-r1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MQ"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v10",
                "product": {
                  "name": "IBM Power Hardware Management Console v10",
                  "product_id": "T023373",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:hardware_management_console:v10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Power Hardware Management Console"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP10 IF01",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
                  "product_id": "T038741"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0 UP10 IF01",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
                  "product_id": "T038741-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP11 IF01",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP11 IF01",
                  "product_id": "T041270"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0 UP11 IF01",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0 UP11 IF01",
                  "product_id": "T041270-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up11_if01"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.6",
                "product": {
                  "name": "IBM Rational Business Developer 9.6",
                  "product_id": "T023629",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_business_developer:9.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.7",
                "product": {
                  "name": "IBM Rational Business Developer 9.7",
                  "product_id": "T023630",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_business_developer:9.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational Business Developer"
          },
          {
            "category": "product_name",
            "name": "IBM SAN Volume Controller",
            "product": {
              "name": "IBM SAN Volume Controller",
              "product_id": "T020642",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:san_volume_controller:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "SPSS Collaboration and Deployment Services 8.5",
                "product": {
                  "name": "IBM SPSS SPSS Collaboration and Deployment Services 8.5",
                  "product_id": "T042175",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spss:spss_collaboration_and_deployment_services_8.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SPSS"
          },
          {
            "category": "product_name",
            "name": "IBM Spectrum Protect",
            "product": {
              "name": "IBM Spectrum Protect",
              "product_id": "T013661",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:spectrum_protect:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.3.0",
                "product": {
                  "name": "IBM Sterling Connect:Direct 6.3.0",
                  "product_id": "T040001",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.3.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "6.4.0",
                "product": {
                  "name": "IBM Sterling Connect:Direct 6.4.0",
                  "product_id": "T040002",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.4.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.1.0.27",
                "product": {
                  "name": "IBM Sterling Connect:Direct \u003c6.1.0.27",
                  "product_id": "T040672"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.0.27",
                "product": {
                  "name": "IBM Sterling Connect:Direct 6.1.0.27",
                  "product_id": "T040672-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.1.0.27"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.2.0.26",
                "product": {
                  "name": "IBM Sterling Connect:Direct \u003c6.2.0.26",
                  "product_id": "T040726"
                }
              },
              {
                "category": "product_version",
                "name": "6.2.0.26",
                "product": {
                  "name": "IBM Sterling Connect:Direct 6.2.0.26",
                  "product_id": "T040726-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.2.0.26"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "6.1",
                "product": {
                  "name": "IBM Sterling Connect:Direct 6.1",
                  "product_id": "T040912",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "6.2",
                "product": {
                  "name": "IBM Sterling Connect:Direct 6.2",
                  "product_id": "T040913",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "6.3",
                "product": {
                  "name": "IBM Sterling Connect:Direct 6.3",
                  "product_id": "T040914",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "for Unix \u003c6.1.0.4.iFix121",
                "product": {
                  "name": "IBM Sterling Connect:Direct for Unix \u003c6.1.0.4.iFix121",
                  "product_id": "T041373"
                }
              },
              {
                "category": "product_version",
                "name": "for Unix 6.1.0.4.iFix121",
                "product": {
                  "name": "IBM Sterling Connect:Direct for Unix 6.1.0.4.iFix121",
                  "product_id": "T041373-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:for_unix__6.1.0.4.ifix121"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "for Unix \u003c6.3.0.4.iFix004",
                "product": {
                  "name": "IBM Sterling Connect:Direct for Unix \u003c6.3.0.4.iFix004",
                  "product_id": "T041374"
                }
              },
              {
                "category": "product_version",
                "name": "for Unix 6.3.0.4.iFix004",
                "product": {
                  "name": "IBM Sterling Connect:Direct for Unix 6.3.0.4.iFix004",
                  "product_id": "T041374-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:for_unix__6.3.0.4.ifix004"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "for Unix \u003c6.4.0.1.iFix005",
                "product": {
                  "name": "IBM Sterling Connect:Direct for Unix \u003c6.4.0.1.iFix005",
                  "product_id": "T041375"
                }
              },
              {
                "category": "product_version",
                "name": "for Unix 6.4.0.1.iFix005",
                "product": {
                  "name": "IBM Sterling Connect:Direct for Unix 6.4.0.1.iFix005",
                  "product_id": "T041375-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:for_unix__6.4.0.1.ifix005"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for Unix 6.1.0",
                "product": {
                  "name": "IBM Sterling Connect:Direct for Unix 6.1.0",
                  "product_id": "T041390",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.1.0::unix"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for Unix 6.2.0",
                "product": {
                  "name": "IBM Sterling Connect:Direct for Unix 6.2.0",
                  "product_id": "T041391",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.2.0::unix"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Sterling Connect:Direct"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.1.9.8",
                "product": {
                  "name": "IBM Storage Scale \u003c5.1.9.8",
                  "product_id": "T041755"
                }
              },
              {
                "category": "product_version",
                "name": "5.1.9.8",
                "product": {
                  "name": "IBM Storage Scale 5.1.9.8",
                  "product_id": "T041755-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_scale:5.1.9.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.2.2.1",
                "product": {
                  "name": "IBM Storage Scale \u003c5.2.2.1",
                  "product_id": "T041756"
                }
              },
              {
                "category": "product_version",
                "name": "5.2.2.1",
                "product": {
                  "name": "IBM Storage Scale 5.2.2.1",
                  "product_id": "T041756-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_scale:5.2.2.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Storage Scale"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.1.9.6",
                "product": {
                  "name": "IBM Storage Scale System \u003c6.1.9.6",
                  "product_id": "T041757"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.9.6",
                "product": {
                  "name": "IBM Storage Scale System 6.1.9.6",
                  "product_id": "T041757-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:ibm:storage_scale_system:6.1.9.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.2.2.1",
                "product": {
                  "name": "IBM Storage Scale System \u003c6.2.2.1",
                  "product_id": "T041759"
                }
              },
              {
                "category": "product_version",
                "name": "6.2.2.1",
                "product": {
                  "name": "IBM Storage Scale System 6.2.2.1",
                  "product_id": "T041759-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:ibm:storage_scale_system:6.2.2.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Storage Scale System"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "V5100",
                "product": {
                  "name": "IBM Storwize V5100",
                  "product_id": "T020638",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:storwize:v5100"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "V5000",
                "product": {
                  "name": "IBM Storwize V5000",
                  "product_id": "T020639",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:storwize:v5000"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "V5000E",
                "product": {
                  "name": "IBM Storwize V5000E",
                  "product_id": "T026924",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:storwize:v5000e"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "V7000",
                "product": {
                  "name": "IBM Storwize V7000",
                  "product_id": "T041141",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:storwize:v7000"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Storwize"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "for multiplatforms",
                "product": {
                  "name": "IBM TXSeries for multiplatforms",
                  "product_id": "T036617",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:txseries:for_multiplatforms"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "TXSeries"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.3.0.7",
                "product": {
                  "name": "IBM Tivoli Monitoring 6.3.0.7",
                  "product_id": "342008",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Monitoring"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.1",
                "product": {
                  "name": "IBM VIOS 3.1",
                  "product_id": "1039165",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:vios:3.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.1",
                "product": {
                  "name": "IBM VIOS 4.1",
                  "product_id": "1522854",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:vios:4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "VIOS"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.5",
                "product": {
                  "name": "IBM WebSphere Application Server 8.5",
                  "product_id": "703851",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:8.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "IBM WebSphere Application Server 9.0",
                  "product_id": "703852",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "liberty",
                "product": {
                  "name": "IBM WebSphere Application Server liberty",
                  "product_id": "T011504",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:liberty"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Application Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.5",
                "product": {
                  "name": "IBM WebSphere Service Registry and Repository 8.5",
                  "product_id": "306235",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:8.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Service Registry and Repository"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "for VMware vSphere",
                "product": {
                  "name": "NetApp ActiveIQ Unified Manager for VMware vSphere",
                  "product_id": "T025152",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for Microsoft Windows",
                "product": {
                  "name": "NetApp ActiveIQ Unified Manager for Microsoft Windows",
                  "product_id": "T025631",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ActiveIQ Unified Manager"
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source OpenJDK",
            "product": {
              "name": "Open Source OpenJDK",
              "product_id": "580789",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:openjdk:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Oracle GraalVM for JDK 17.0.12",
                "product": {
                  "name": "Oracle Java SE Oracle GraalVM for JDK 17.0.12",
                  "product_id": "T038438",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle GraalVM for JDK 21.0.4",
                "product": {
                  "name": "Oracle Java SE Oracle GraalVM for JDK 21.0.4",
                  "product_id": "T038439",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle GraalVM for JDK 23",
                "product": {
                  "name": "Oracle Java SE Oracle GraalVM for JDK 23",
                  "product_id": "T038440",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle Java SE 8u421",
                "product": {
                  "name": "Oracle Java SE Oracle Java SE 8u421",
                  "product_id": "T038441",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_java_se_8u421"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle GraalVM Enterprise Edition 20.3.15",
                "product": {
                  "name": "Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15",
                  "product_id": "T038442",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle GraalVM Enterprise Edition 21.3.11",
                "product": {
                  "name": "Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11",
                  "product_id": "T038443",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle Java SE 11.0.24",
                "product": {
                  "name": "Oracle Java SE Oracle Java SE 11.0.24",
                  "product_id": "T038444",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_java_se_11.0.24"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle Java SE 17.0.12",
                "product": {
                  "name": "Oracle Java SE Oracle Java SE 17.0.12",
                  "product_id": "T038445",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_java_se_17.0.12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle Java SE 23",
                "product": {
                  "name": "Oracle Java SE Oracle Java SE 23",
                  "product_id": "T038447",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_java_se_23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle Java SE 21.0.4",
                "product": {
                  "name": "Oracle Java SE Oracle Java SE 21.0.4",
                  "product_id": "T038448",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_java_se_21.0.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle GraalVM Enterprise Edition: 20.3.15",
                "product": {
                  "name": "Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15",
                  "product_id": "T038449",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java SE"
          },
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-42950",
      "product_status": {
        "known_affected": [
          "T031216",
          "T038449",
          "T040726",
          "T038445",
          "T020639",
          "T038841",
          "T020638",
          "T038447",
          "T039658",
          "T038448",
          "T039657",
          "T004914",
          "703851",
          "T023629",
          "T038441",
          "T013661",
          "703852",
          "T038442",
          "T038443",
          "T038840",
          "T038444",
          "1139691",
          "T020642",
          "T041141",
          "T038440",
          "T027879",
          "398363",
          "T023630",
          "10699",
          "T040914",
          "T040913",
          "T040912",
          "434967",
          "1039165",
          "T033163",
          "1522854",
          "T012167",
          "T039544",
          "T041374",
          "T041373",
          "T036273",
          "2951",
          "T002207",
          "444803",
          "5104",
          "T027843",
          "T029703",
          "T040002",
          "T040001",
          "306235",
          "T041375",
          "T011504",
          "T025152",
          "67646",
          "T041759",
          "T041757",
          "T035670",
          "T038741",
          "T026927",
          "T026928",
          "T041483",
          "T026925",
          "T041482",
          "T026926",
          "T041481",
          "T026924",
          "T025631",
          "342008",
          "T042175",
          "T023373",
          "T040672",
          "T038839",
          "T036617",
          "T038438",
          "T038439",
          "T043290",
          "T043291",
          "T014765",
          "T016984",
          "T026929",
          "T036570",
          "T041270",
          "T041391",
          "T000126",
          "T026932",
          "T041390",
          "580789",
          "T026930",
          "T041756",
          "T026931",
          "T040501",
          "T041755",
          "T040500",
          "T044069"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2023-42950"
    },
    {
      "cve": "CVE-2024-21208",
      "product_status": {
        "known_affected": [
          "T031216",
          "T038449",
          "T040726",
          "T038445",
          "T020639",
          "T038841",
          "T020638",
          "T038447",
          "T039658",
          "T038448",
          "T039657",
          "T004914",
          "703851",
          "T023629",
          "T038441",
          "T013661",
          "703852",
          "T038442",
          "T038443",
          "T038840",
          "T038444",
          "1139691",
          "T020642",
          "T041141",
          "T038440",
          "T027879",
          "398363",
          "T023630",
          "10699",
          "T040914",
          "T040913",
          "T040912",
          "434967",
          "1039165",
          "T033163",
          "1522854",
          "T012167",
          "T039544",
          "T041374",
          "T041373",
          "T036273",
          "2951",
          "T002207",
          "444803",
          "5104",
          "T027843",
          "T029703",
          "T040002",
          "T040001",
          "306235",
          "T041375",
          "T011504",
          "T025152",
          "67646",
          "T041759",
          "T041757",
          "T035670",
          "T038741",
          "T026927",
          "T026928",
          "T041483",
          "T026925",
          "T041482",
          "T026926",
          "T041481",
          "T026924",
          "T025631",
          "342008",
          "T042175",
          "T023373",
          "T040672",
          "T038839",
          "T036617",
          "T038438",
          "T038439",
          "T043290",
          "T043291",
          "T014765",
          "T016984",
          "T026929",
          "T036570",
          "T041270",
          "T041391",
          "T000126",
          "T026932",
          "T041390",
          "580789",
          "T026930",
          "T041756",
          "T026931",
          "T040501",
          "T041755",
          "T040500",
          "T044069"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2024-21208"
    },
    {
      "cve": "CVE-2024-21210",
      "product_status": {
        "known_affected": [
          "T031216",
          "T038449",
          "T040726",
          "T038445",
          "T020639",
          "T038841",
          "T020638",
          "T038447",
          "T039658",
          "T038448",
          "T039657",
          "T004914",
          "703851",
          "T023629",
          "T038441",
          "T013661",
          "703852",
          "T038442",
          "T038443",
          "T038840",
          "T038444",
          "1139691",
          "T020642",
          "T041141",
          "T038440",
          "T027879",
          "398363",
          "T023630",
          "10699",
          "T040914",
          "T040913",
          "T040912",
          "434967",
          "1039165",
          "T033163",
          "1522854",
          "T012167",
          "T039544",
          "T041374",
          "T041373",
          "T036273",
          "2951",
          "T002207",
          "444803",
          "5104",
          "T027843",
          "T029703",
          "T040002",
          "T040001",
          "306235",
          "T041375",
          "T011504",
          "T025152",
          "67646",
          "T041759",
          "T041757",
          "T035670",
          "T038741",
          "T026927",
          "T026928",
          "T041483",
          "T026925",
          "T041482",
          "T026926",
          "T041481",
          "T026924",
          "T025631",
          "342008",
          "T042175",
          "T023373",
          "T040672",
          "T038839",
          "T036617",
          "T038438",
          "T038439",
          "T043290",
          "T043291",
          "T014765",
          "T016984",
          "T026929",
          "T036570",
          "T041270",
          "T041391",
          "T000126",
          "T026932",
          "T041390",
          "580789",
          "T026930",
          "T041756",
          "T026931",
          "T040501",
          "T041755",
          "T040500",
          "T044069"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2024-21210"
    },
    {
      "cve": "CVE-2024-21211",
      "product_status": {
        "known_affected": [
          "T031216",
          "T038449",
          "T040726",
          "T038445",
          "T020639",
          "T038841",
          "T020638",
          "T038447",
          "T039658",
          "T038448",
          "T039657",
          "T004914",
          "703851",
          "T023629",
          "T038441",
          "T013661",
          "703852",
          "T038442",
          "T038443",
          "T038840",
          "T038444",
          "1139691",
          "T020642",
          "T041141",
          "T038440",
          "T027879",
          "398363",
          "T023630",
          "10699",
          "T040914",
          "T040913",
          "T040912",
          "434967",
          "1039165",
          "T033163",
          "1522854",
          "T012167",
          "T039544",
          "T041374",
          "T041373",
          "T036273",
          "2951",
          "T002207",
          "444803",
          "5104",
          "T027843",
          "T029703",
          "T040002",
          "T040001",
          "306235",
          "T041375",
          "T011504",
          "T025152",
          "67646",
          "T041759",
          "T041757",
          "T035670",
          "T038741",
          "T026927",
          "T026928",
          "T041483",
          "T026925",
          "T041482",
          "T026926",
          "T041481",
          "T026924",
          "T025631",
          "342008",
          "T042175",
          "T023373",
          "T040672",
          "T038839",
          "T036617",
          "T038438",
          "T038439",
          "T043290",
          "T043291",
          "T014765",
          "T016984",
          "T026929",
          "T036570",
          "T041270",
          "T041391",
          "T000126",
          "T026932",
          "T041390",
          "580789",
          "T026930",
          "T041756",
          "T026931",
          "T040501",
          "T041755",
          "T040500",
          "T044069"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2024-21211"
    },
    {
      "cve": "CVE-2024-21217",
      "product_status": {
        "known_affected": [
          "T031216",
          "T038449",
          "T040726",
          "T038445",
          "T020639",
          "T038841",
          "T020638",
          "T038447",
          "T039658",
          "T038448",
          "T039657",
          "T004914",
          "703851",
          "T023629",
          "T038441",
          "T013661",
          "703852",
          "T038442",
          "T038443",
          "T038840",
          "T038444",
          "1139691",
          "T020642",
          "T041141",
          "T038440",
          "T027879",
          "398363",
          "T023630",
          "10699",
          "T040914",
          "T040913",
          "T040912",
          "434967",
          "1039165",
          "T033163",
          "1522854",
          "T012167",
          "T039544",
          "T041374",
          "T041373",
          "T036273",
          "2951",
          "T002207",
          "444803",
          "5104",
          "T027843",
          "T029703",
          "T040002",
          "T040001",
          "306235",
          "T041375",
          "T011504",
          "T025152",
          "67646",
          "T041759",
          "T041757",
          "T035670",
          "T038741",
          "T026927",
          "T026928",
          "T041483",
          "T026925",
          "T041482",
          "T026926",
          "T041481",
          "T026924",
          "T025631",
          "342008",
          "T042175",
          "T023373",
          "T040672",
          "T038839",
          "T036617",
          "T038438",
          "T038439",
          "T043290",
          "T043291",
          "T014765",
          "T016984",
          "T026929",
          "T036570",
          "T041270",
          "T041391",
          "T000126",
          "T026932",
          "T041390",
          "580789",
          "T026930",
          "T041756",
          "T026931",
          "T040501",
          "T041755",
          "T040500",
          "T044069"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2024-21217"
    },
    {
      "cve": "CVE-2024-21235",
      "product_status": {
        "known_affected": [
          "T031216",
          "T038449",
          "T040726",
          "T038445",
          "T020639",
          "T038841",
          "T020638",
          "T038447",
          "T039658",
          "T038448",
          "T039657",
          "T004914",
          "703851",
          "T023629",
          "T038441",
          "T013661",
          "703852",
          "T038442",
          "T038443",
          "T038840",
          "T038444",
          "1139691",
          "T020642",
          "T041141",
          "T038440",
          "T027879",
          "398363",
          "T023630",
          "10699",
          "T040914",
          "T040913",
          "T040912",
          "434967",
          "1039165",
          "T033163",
          "1522854",
          "T012167",
          "T039544",
          "T041374",
          "T041373",
          "T036273",
          "2951",
          "T002207",
          "444803",
          "5104",
          "T027843",
          "T029703",
          "T040002",
          "T040001",
          "306235",
          "T041375",
          "T011504",
          "T025152",
          "67646",
          "T041759",
          "T041757",
          "T035670",
          "T038741",
          "T026927",
          "T026928",
          "T041483",
          "T026925",
          "T041482",
          "T026926",
          "T041481",
          "T026924",
          "T025631",
          "342008",
          "T042175",
          "T023373",
          "T040672",
          "T038839",
          "T036617",
          "T038438",
          "T038439",
          "T043290",
          "T043291",
          "T014765",
          "T016984",
          "T026929",
          "T036570",
          "T041270",
          "T041391",
          "T000126",
          "T026932",
          "T041390",
          "580789",
          "T026930",
          "T041756",
          "T026931",
          "T040501",
          "T041755",
          "T040500",
          "T044069"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2024-21235"
    },
    {
      "cve": "CVE-2024-25062",
      "product_status": {
        "known_affected": [
          "T031216",
          "T038449",
          "T040726",
          "T038445",
          "T020639",
          "T038841",
          "T020638",
          "T038447",
          "T039658",
          "T038448",
          "T039657",
          "T004914",
          "703851",
          "T023629",
          "T038441",
          "T013661",
          "703852",
          "T038442",
          "T038443",
          "T038840",
          "T038444",
          "1139691",
          "T020642",
          "T041141",
          "T038440",
          "T027879",
          "398363",
          "T023630",
          "10699",
          "T040914",
          "T040913",
          "T040912",
          "434967",
          "1039165",
          "T033163",
          "1522854",
          "T012167",
          "T039544",
          "T041374",
          "T041373",
          "T036273",
          "2951",
          "T002207",
          "444803",
          "5104",
          "T027843",
          "T029703",
          "T040002",
          "T040001",
          "306235",
          "T041375",
          "T011504",
          "T025152",
          "67646",
          "T041759",
          "T041757",
          "T035670",
          "T038741",
          "T026927",
          "T026928",
          "T041483",
          "T026925",
          "T041482",
          "T026926",
          "T041481",
          "T026924",
          "T025631",
          "342008",
          "T042175",
          "T023373",
          "T040672",
          "T038839",
          "T036617",
          "T038438",
          "T038439",
          "T043290",
          "T043291",
          "T014765",
          "T016984",
          "T026929",
          "T036570",
          "T041270",
          "T041391",
          "T000126",
          "T026932",
          "T041390",
          "580789",
          "T026930",
          "T041756",
          "T026931",
          "T040501",
          "T041755",
          "T040500",
          "T044069"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2024-25062"
    },
    {
      "cve": "CVE-2024-36138",
      "product_status": {
        "known_affected": [
          "T031216",
          "T038449",
          "T040726",
          "T038445",
          "T020639",
          "T038841",
          "T020638",
          "T038447",
          "T039658",
          "T038448",
          "T039657",
          "T004914",
          "703851",
          "T023629",
          "T038441",
          "T013661",
          "703852",
          "T038442",
          "T038443",
          "T038840",
          "T038444",
          "1139691",
          "T020642",
          "T041141",
          "T038440",
          "T027879",
          "398363",
          "T023630",
          "10699",
          "T040914",
          "T040913",
          "T040912",
          "434967",
          "1039165",
          "T033163",
          "1522854",
          "T012167",
          "T039544",
          "T041374",
          "T041373",
          "T036273",
          "2951",
          "T002207",
          "444803",
          "5104",
          "T027843",
          "T029703",
          "T040002",
          "T040001",
          "306235",
          "T041375",
          "T011504",
          "T025152",
          "67646",
          "T041759",
          "T041757",
          "T035670",
          "T038741",
          "T026927",
          "T026928",
          "T041483",
          "T026925",
          "T041482",
          "T026926",
          "T041481",
          "T026924",
          "T025631",
          "342008",
          "T042175",
          "T023373",
          "T040672",
          "T038839",
          "T036617",
          "T038438",
          "T038439",
          "T043290",
          "T043291",
          "T014765",
          "T016984",
          "T026929",
          "T036570",
          "T041270",
          "T041391",
          "T000126",
          "T026932",
          "T041390",
          "580789",
          "T026930",
          "T041756",
          "T026931",
          "T040501",
          "T041755",
          "T040500",
          "T044069"
        ]
      },
      "release_date": "2024-10-15T22:00:00.000+00:00",
      "title": "CVE-2024-36138"
    }
  ]
}

CVE-2023-42950 (GCVE-0-2023-42950)

Vulnerability from cvelistv5 – Published: 2024-03-28 15:39 – Updated: 2025-11-03 21:49

Summary

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Assigner

apple

References

8 references

URL	Tags
https://support.apple.com/en-us/HT214039
https://support.apple.com/en-us/HT214035
https://support.apple.com/en-us/HT214040
https://support.apple.com/en-us/HT214036
https://support.apple.com/en-us/HT214041
https://support.apple.com/kb/HT214039
http://www.openwall.com/lists/oss-security/2024/03/26/1
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

5 products

Vendor	Product	Version
Apple	Safari	Affected: unspecified , < 17.2 (custom)
Apple	iOS and iPadOS	Affected: unspecified , < 17.2 (custom)
Apple	tvOS	Affected: unspecified , < 17.2 (custom)
Apple	macOS	Affected: unspecified , < 14.2 (custom)
Apple	watchOS	Affected: unspecified , < 10.2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:49:36.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214035"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214040"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214036"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214041"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241018-0009/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "safari",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "iphone_os",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipad_os",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tvos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "macos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "14.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "watchos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "10.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-42950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-28T17:46:25.004934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T15:40:20.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "10.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T09:06:23.795Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214039"
        },
        {
          "url": "https://support.apple.com/en-us/HT214035"
        },
        {
          "url": "https://support.apple.com/en-us/HT214040"
        },
        {
          "url": "https://support.apple.com/en-us/HT214036"
        },
        {
          "url": "https://support.apple.com/en-us/HT214041"
        },
        {
          "url": "https://support.apple.com/kb/HT214039"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-42950",
    "datePublished": "2024-03-28T15:39:16.227Z",
    "dateReserved": "2023-09-14T19:05:11.474Z",
    "dateUpdated": "2025-11-03T21:49:36.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-21208 (GCVE-0-2024-21208)

Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2025-11-03 21:52

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Severity

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: Oracle Java SE:8u421 Affected: Oracle Java SE:8u421-perf Affected: Oracle Java SE:11.0.24 Affected: Oracle Java SE:17.0.12 Affected: Oracle Java SE:21.0.4 Affected: Oracle Java SE:23 Affected: Oracle GraalVM for JDK:17.0.12 Affected: Oracle GraalVM for JDK:21.0.4 Affected: Oracle GraalVM for JDK:23 Affected: Oracle GraalVM Enterprise Edition:20.3.15 Affected: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:8u421:::::::* cpe:2.3:a:oracle:java_se:8u421::::enterprise_performance::: cpe:2.3:a:oracle:java_se:11.0.24:::::::* cpe:2.3:a:oracle:java_se:17.0.12:::::::* cpe:2.3:a:oracle:java_se:21.0.4:::::::* cpe:2.3:a:oracle:java_se:23:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:23:::::::* cpe:2.3:a:oracle:graalvm:20.3.15::::enterprise::: cpe:2.3:a:oracle:graalvm:21.3.11::::enterprise:::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21208",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:27:45.725418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T13:06:16.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:52:56.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241018-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*",
            "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.24"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:40.907Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21208",
    "datePublished": "2024-10-15T19:52:40.907Z",
    "dateReserved": "2023-12-07T22:28:10.690Z",
    "dateUpdated": "2025-11-03T21:52:56.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-21210 (GCVE-0-2024-21210)

Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2025-11-03 21:52

Summary

Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Severity

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: Oracle Java SE:8u421 Affected: Oracle Java SE:8u421-perf Affected: Oracle Java SE:11.0.24 Affected: Oracle Java SE:17.0.12 Affected: Oracle Java SE:21.0.4 Affected: Oracle Java SE:23 cpe:2.3:a:oracle:java_se:8u421:::::::* cpe:2.3:a:oracle:java_se:8u421::::enterprise_performance::: cpe:2.3:a:oracle:java_se:11.0.24:::::::* cpe:2.3:a:oracle:java_se:17.0.12:::::::* cpe:2.3:a:oracle:java_se:21.0.4:::::::* cpe:2.3:a:oracle:java_se:23:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21210",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:26:29.982643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T13:05:44.388Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:52:59.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*",
            "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.24"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and  23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:41.538Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21210",
    "datePublished": "2024-10-15T19:52:41.538Z",
    "dateReserved": "2023-12-07T22:28:10.690Z",
    "dateUpdated": "2025-11-03T21:52:59.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-21211 (GCVE-0-2024-21211)

Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2024-10-31 12:58

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Severity

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Oracle Corporation	GraalVM	Affected: Oracle Java SE:23 Affected: Oracle GraalVM for JDK:17.0.12 Affected: Oracle GraalVM for JDK:21.0.4 Affected: Oracle GraalVM for JDK:23 Affected: Oracle GraalVM Enterprise Edition:20.3.15 Affected: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:23:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:23:::::::* cpe:2.3:a:oracle:graalvm:20.3.15::::enterprise::: cpe:2.3:a:oracle:graalvm:21.3.11::::enterprise:::
Oracle Corporation	Oracle Java SE	Affected: Oracle Java SE:23 Affected: Oracle GraalVM for JDK:17.0.12 Affected: Oracle GraalVM for JDK:21.0.4 Affected: Oracle GraalVM for JDK:23 Affected: Oracle GraalVM Enterprise Edition:20.3.15 Affected: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:23:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:23:::::::* cpe:2.3:a:oracle:graalvm:20.3.15::::enterprise::: cpe:2.3:a:oracle:graalvm:21.3.11::::enterprise:::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21211",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:26:03.882463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-922",
                "description": "CWE-922 Insecure Storage of Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T12:58:57.038Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-18T13:07:36.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241018-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "GraalVM",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:41.883Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21211",
    "datePublished": "2024-10-15T19:52:41.883Z",
    "dateReserved": "2023-12-07T22:28:10.690Z",
    "dateUpdated": "2024-10-31T12:58:57.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21217 (GCVE-0-2024-21217)

Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2025-11-03 21:53

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Severity

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: Oracle Java SE:8u421 Affected: Oracle Java SE:8u421-perf Affected: Oracle Java SE:11.0.24 Affected: Oracle Java SE:17.0.12 Affected: Oracle Java SE:21.0.4 Affected: Oracle Java SE:23 Affected: Oracle GraalVM for JDK:17.0.12 Affected: Oracle GraalVM for JDK:21.0.4 Affected: Oracle GraalVM for JDK:23 Affected: Oracle GraalVM Enterprise Edition:20.3.15 Affected: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:8u421:::::::* cpe:2.3:a:oracle:java_se:8u421::::enterprise_performance::: cpe:2.3:a:oracle:java_se:11.0.24:::::::* cpe:2.3:a:oracle:java_se:17.0.12:::::::* cpe:2.3:a:oracle:java_se:21.0.4:::::::* cpe:2.3:a:oracle:java_se:23:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:23:::::::* cpe:2.3:a:oracle:graalvm:20.3.15::::enterprise::: cpe:2.3:a:oracle:graalvm:21.3.11::::enterprise:::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21217",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:44:31.294836Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T13:55:34.558Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:53:04.353Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*",
            "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.24"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:43.814Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21217",
    "datePublished": "2024-10-15T19:52:43.814Z",
    "dateReserved": "2023-12-07T22:28:10.691Z",
    "dateUpdated": "2025-11-03T21:53:04.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-21235 (GCVE-0-2024-21235)

Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2025-11-03 21:53

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Severity

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: Oracle Java SE:8u421 Affected: Oracle Java SE:8u421-perf Affected: Oracle Java SE:11.0.24 Affected: Oracle Java SE:17.0.12 Affected: Oracle Java SE:21.0.4 Affected: Oracle Java SE:23 Affected: Oracle GraalVM for JDK:17.0.12 Affected: Oracle GraalVM for JDK:21.0.4 Affected: Oracle GraalVM for JDK:23 Affected: Oracle GraalVM Enterprise Edition:20.3.15 Affected: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:8u421:::::::* cpe:2.3:a:oracle:java_se:8u421::::enterprise_performance::: cpe:2.3:a:oracle:java_se:11.0.24:::::::* cpe:2.3:a:oracle:java_se:17.0.12:::::::* cpe:2.3:a:oracle:java_se:21.0.4:::::::* cpe:2.3:a:oracle:java_se:23:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:::::::* cpe:2.3:a:oracle:graalvm_for_jdk:23:::::::* cpe:2.3:a:oracle:graalvm:20.3.15::::enterprise::: cpe:2.3:a:oracle:graalvm:21.3.11::::enterprise:::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21235",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T14:30:43.618436Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T17:00:08.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:53:14.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*",
            "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.24"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23;   Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;   Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:46.900Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21235",
    "datePublished": "2024-10-15T19:52:46.900Z",
    "dateReserved": "2023-12-07T22:28:10.698Z",
    "dateUpdated": "2025-11-03T21:53:14.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-25062 (GCVE-0-2024-25062)

Vulnerability from cvelistv5 – Published: 2024-02-04 00:00 – Updated: 2025-11-03 21:53

Summary

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

2 references

URL	Tags
https://gitlab.gnome.org/GNOME/libxml2/-/tags
https://gitlab.gnome.org/GNOME/libxml2/-/issues/604

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:53:58.764Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241018-0009/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-25062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-09T17:35:33.314239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-09T17:37:44.131Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-04T16:04:53.794Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-25062",
    "datePublished": "2024-02-04T00:00:00.000Z",
    "dateReserved": "2024-02-04T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:53:58.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36138 (GCVE-0-2024-36138)

Vulnerability from cvelistv5 – Published: 2024-09-07 16:00 – Updated: 2025-04-30 22:25

Summary

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.

Severity

8.1 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

hackerone

References

1 reference

URL	Tags
https://nodejs.org/en/blog/vulnerability/july-202…

Impacted products

1 product

Vendor	Product	Version
NodeJS	Node	Affected: 4.0 , < 4.* (semver) Affected: 5.0 , < 5.* (semver) Affected: 6.0 , < 6.* (semver) Affected: 7.0 , < 7.* (semver) Affected: 8.0 , < 8.* (semver) Affected: 9.0 , < 9.* (semver) Affected: 10.0 , < 10.* (semver) Affected: 11.0 , < 11.* (semver) Affected: 12.0 , < 12.* (semver) Affected: 13.0 , < 13.* (semver) Affected: 14.0 , < 14.* (semver) Affected: 15.0 , < 15.* (semver) Affected: 16.0 , < 16.* (semver) Affected: 17.0 , < 17.* (semver) Affected: 18.0 , < 18.20.4 (semver) Affected: 19.0 , < 19.* (semver) Affected: 20.0 , < 20.15.1 (semver) Affected: 21.0 , < 21.* (semver) Affected: 22.0 , < 22.4.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nodejs",
            "vendor": "nodejs",
            "versions": [
              {
                "lessThan": "18.20.4",
                "status": "affected",
                "version": "18.0",
                "versionType": "semver"
              },
              {
                "lessThan": "20.15.1",
                "status": "affected",
                "version": "20.0",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4.1",
                "status": "affected",
                "version": "22.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T17:53:28.236286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T17:57:58.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-08T15:02:49.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241108-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Node",
          "vendor": "NodeJS",
          "versions": [
            {
              "lessThan": "4.*",
              "status": "affected",
              "version": "4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.*",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.*",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.*",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.*",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.*",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "10.*",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.*",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "13.*",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "14.*",
              "status": "affected",
              "version": "14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "15.*",
              "status": "affected",
              "version": "15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "16.*",
              "status": "affected",
              "version": "16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "17.*",
              "status": "affected",
              "version": "17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "18.20.4",
              "status": "affected",
              "version": "18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "19.*",
              "status": "affected",
              "version": "19.0",
              "versionType": "semver"
            },
            {
              "lessThan": "20.15.1",
              "status": "affected",
              "version": "20.0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.*",
              "status": "affected",
              "version": "21.0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4.1",
              "status": "affected",
              "version": "22.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T22:25:18.920Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://nodejs.org/en/blog/vulnerability/july-2024-security-releases"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2024-36138",
    "datePublished": "2024-09-07T16:00:36.011Z",
    "dateReserved": "2024-05-21T01:04:07.208Z",
    "dateUpdated": "2025-04-30T22:25:18.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-3189

CVE-2023-42950 (GCVE-0-2023-42950)

CVE-2024-21208 (GCVE-0-2024-21208)

CVE-2024-21210 (GCVE-0-2024-21210)

CVE-2024-21211 (GCVE-0-2024-21211)

CVE-2024-21217 (GCVE-0-2024-21217)

CVE-2024-21235 (GCVE-0-2024-21235)

CVE-2024-25062 (GCVE-0-2024-25062)

CVE-2024-36138 (GCVE-0-2024-36138)

Tags

Sightings

Nomenclature