{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Oracle heeft kwetsbaarheden verholpen in verschillende Financial Services producten", "title": "Feiten" }, { "category": "description", "text": "De kwetsbaarheden stellen niet-geauthenticeerde kwaadwillenden in staat om via HTTP toegang te krijgen tot kritieke gegevens, wat kan leiden tot ongeautoriseerde gegevenstoegang en andere beveiligingsrisico's. Kwaadwillenden kunnen ook gebruik maken van misconfiguraties en kwetsbaarheden in de software om privilege-escalatie, denial-of-service en remote code execution uit te voeren.", "title": "Interpretaties" }, { "category": "description", "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Always-Incorrect Control Flow Implementation", "title": "CWE-670" }, { "category": "general", "text": "Use of Potentially Dangerous Function", "title": "CWE-676" }, { "category": "general", "text": "Storage of Sensitive Data in a Mechanism without Access Control", "title": "CWE-921" }, { "category": "general", "text": "Insecure Storage of Sensitive Information", "title": "CWE-922" }, { "category": "general", "text": "Incorrect Resource Transfer Between Spheres", "title": "CWE-669" }, { "category": "general", "text": "Improper Handling of Case Sensitivity", "title": "CWE-178" }, { "category": "general", "text": "Incorrect Implementation of Authentication Algorithm", "title": "CWE-303" }, { "category": "general", "text": "Incorrect Permission Assignment for Critical Resource", "title": "CWE-732" }, { "category": "general", "text": "Time-of-check Time-of-use (TOCTOU) Race Condition", "title": "CWE-367" }, { "category": "general", "text": "Integer Overflow to Buffer Overflow", "title": "CWE-680" }, { "category": "general", "text": "Authorization Bypass Through User-Controlled Key", "title": "CWE-639" }, { "category": "general", "text": "Improper Resource Shutdown or Release", "title": "CWE-404" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "title": "CWE-119" }, { "category": "general", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" }, { "category": "general", "text": "Deserialization of Untrusted Data", "title": "CWE-502" }, { "category": "general", "text": "Uncontrolled Recursion", "title": "CWE-674" }, { "category": "general", "text": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "title": "CWE-22" }, { "category": "general", "text": "Improper Restriction of XML External Entity Reference", "title": "CWE-611" }, { "category": "general", "text": "Stack-based Buffer Overflow", "title": "CWE-121" }, { "category": "general", "text": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "title": "CWE-120" }, { "category": "general", "text": "Improper Input Validation", "title": "CWE-20" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference - cveprojectv5; nvd; oracle", "url": "https://www.oracle.com/security-alerts/cpuapr2025.html" } ], "title": "Kwetsbaarheden verholpen in Oracle Financial Services", "tracking": { "current_release_date": "2025-04-16T15:00:12.952979Z", "generator": { "date": "2025-02-25T15:15:00Z", "engine": { "name": "V.A.", "version": "1.0" } }, "id": "NCSC-2025-0127", "initial_release_date": "2025-04-16T15:00:12.952979Z", "revision_history": [ { "date": "2025-04-16T15:00:12.952979Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/8.1.2.7.0", "product": { "name": "vers:unknown/8.1.2.7.0", "product_id": "CSAFPID-2698335" } }, { "category": "product_version_range", "name": "vers:unknown/8.1.3.0", "product": { "name": "vers:unknown/8.1.3.0", "product_id": "CSAFPID-1838588" } } ], "category": "product_name", "name": "Financial Services Model Management and Governance" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/8.0.7.8", "product": { "name": "vers:unknown/8.0.7.8", "product_id": "CSAFPID-1838570" } }, { "category": "product_version_range", "name": "vers:unknown/8.0.8.6", "product": { "name": "vers:unknown/8.0.8.6", "product_id": "CSAFPID-1838583" } }, { "category": "product_version_range", "name": "vers:unknown/8.1.1.4", "product": { "name": "vers:unknown/8.1.1.4", "product_id": "CSAFPID-2698354" } }, { "category": "product_version_range", "name": "vers:unknown/8.1.2.5", "product": { "name": "vers:unknown/8.1.2.5", "product_id": "CSAFPID-1838577" } } ], "category": "product_name", "name": "Financial Services Analytical Applications Infrastructure" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/8.0.8.1", "product": { "name": "vers:unknown/8.0.8.1", "product_id": "CSAFPID-1199519" } }, { "category": "product_version_range", "name": "vers:unknown/8.1.2.7", "product": { "name": "vers:unknown/8.1.2.7", "product_id": "CSAFPID-1838573" } }, { "category": "product_version_range", "name": "vers:unknown/8.1.2.8", "product": { "name": "vers:unknown/8.1.2.8", "product_id": "CSAFPID-1838574" } } ], "category": "product_name", "name": "Financial Services Behavior Detection Platform" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/14.7.0.7.0", "product": { "name": "vers:unknown/14.7.0.7.0", "product_id": "CSAFPID-2698380" } } ], "category": "product_name", "name": "Banking Liquidity Management" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/8.1.2.6", "product": { "name": "vers:unknown/8.1.2.6", "product_id": "CSAFPID-1838589" } } ], "category": "product_name", "name": "Financial Services Compliance Studio" } ], "category": "product_family", "name": "Oracle" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:oracle/8.1.2.6", "product": { "name": "vers:oracle/8.1.2.6", "product_id": "CSAFPID-1839860", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/8.1.2.7", "product": { "name": "vers:oracle/8.1.2.7", "product_id": "CSAFPID-1839857", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/8.1.2.7.0", "product": { "name": "vers:oracle/8.1.2.7.0", "product_id": "CSAFPID-2699019", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/8.1.3.0", "product": { "name": "vers:oracle/8.1.3.0", "product_id": "CSAFPID-1839858", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Model Management and Governance" }, { "branches": [ { "category": "product_version_range", "name": "vers:oracle/21.1.0.0.0", "product": { "name": "vers:oracle/21.1.0.0.0", "product_id": "CSAFPID-2698953", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/22.1.0.0.0", "product": { "name": "vers:oracle/22.1.0.0.0", "product_id": "CSAFPID-2698951", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/22.2.0.0.0", "product": { "name": "vers:oracle/22.2.0.0.0", "product_id": "CSAFPID-2698952", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking APIs" }, { "branches": [ { "category": "product_version_range", "name": "vers:oracle/21.1.0.0.0", "product": { "name": "vers:oracle/21.1.0.0.0", "product_id": "CSAFPID-2698992", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/22.1.0.0.0", "product": { "name": "vers:oracle/22.1.0.0.0", "product_id": "CSAFPID-2698990", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/22.2.0.0.0", "product": { "name": "vers:oracle/22.2.0.0.0", "product_id": "CSAFPID-2698994", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Digital Experience" }, { "branches": [ { "category": "product_version_range", "name": "vers:oracle/8.0.7.8", "product": { "name": "vers:oracle/8.0.7.8", "product_id": "CSAFPID-1839976", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/8.0.8.6", "product": { "name": "vers:oracle/8.0.8.6", "product_id": "CSAFPID-1839966", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/8.1.1.4", "product": { "name": "vers:oracle/8.1.1.4", "product_id": "CSAFPID-2699017", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/8.1.2.5", "product": { "name": "vers:oracle/8.1.2.5", "product_id": "CSAFPID-1839974", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Analytical Applications Infrastructure" }, { "branches": [ { "category": "product_version_range", "name": "vers:oracle/5.1.0.0.0", "product": { "name": "vers:oracle/5.1.0.0.0", "product_id": "CSAFPID-2699099", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/6.1.0.0.0", "product": { "name": "vers:oracle/6.1.0.0.0", "product_id": "CSAFPID-2699100", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/7.0.0.0.0", "product": { "name": "vers:oracle/7.0.0.0.0", "product_id": "CSAFPID-2699101", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0", "product": { "name": "vers:oracle/>=2.9.0.0.0|<=7.0.0.0.0", "product_id": "CSAFPID-1839884", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Revenue Management and Billing" }, { "branches": [ { "category": "product_version_range", "name": "vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0", "product": { "name": "vers:oracle/>=14.4.0.0.0|<=14.7.0.0.0", "product_id": "CSAFPID-1839866", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0", "product": { "name": "vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0", "product_id": "CSAFPID-2698995", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Corporate Lending Process Management" }, { "branches": [ { "category": "product_version_range", "name": "vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0", "product": { "name": "vers:oracle/>=14.5.0.0.0|<=14.7.0.0.0", "product_id": "CSAFPID-1839867", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Origination" }, { "branches": [ { "category": "product_version_range", "name": "vers:oracle/8.0.8.1", "product": { "name": "vers:oracle/8.0.8.1", "product_id": "CSAFPID-1839881", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/8.1.2.7", "product": { "name": "vers:oracle/8.1.2.7", "product_id": "CSAFPID-1839880", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/8.1.2.8", "product": { "name": "vers:oracle/8.1.2.8", "product_id": "CSAFPID-1839882", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/8.1.2.9", "product": { "name": "vers:oracle/8.1.2.9", "product_id": "CSAFPID-2698954", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Behavior Detection Platform" }, { "branches": [ { "category": "product_version_range", "name": "vers:oracle/8.0.8", "product": { "name": "vers:oracle/8.0.8", "product_id": "CSAFPID-1839878", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition" }, { "branches": [ { "category": "product_version_range", "name": "vers:oracle/14.7.0.7.0", "product": { "name": "vers:oracle/14.7.0.7.0", "product_id": "CSAFPID-2698938", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/14.7.5.0.0", "product": { "name": "vers:oracle/14.7.5.0.0", "product_id": "CSAFPID-1839923", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Liquidity Management" }, { "branches": [ { "category": "product_version_range", "name": "vers:oracle/8.1.2.6", "product": { "name": "vers:oracle/8.1.2.6", "product_id": "CSAFPID-1839871", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:oracle/8.1.2.9", "product": { "name": "vers:oracle/8.1.2.9", "product_id": "CSAFPID-2699005", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Compliance Studio" } ], "category": "product_family", "name": "Oracle Financial Services Applications" } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:semver/5.1.0.0.0", "product": { "name": "vers:semver/5.1.0.0.0", "product_id": "CSAFPID-2698450" } }, { "category": "product_version_range", "name": "vers:semver/6.1.0.0.0", "product": { "name": "vers:semver/6.1.0.0.0", "product_id": "CSAFPID-2698451" } }, { "category": "product_version_range", "name": "vers:semver/7.0.0.0.0", "product": { "name": "vers:semver/7.0.0.0.0", "product_id": "CSAFPID-2698452" } } ], "category": "product_name", "name": "Oracle Financial Services Revenue Management and Billing" } ], "category": "vendor", "name": "Oracle Corporation" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-28170", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "other", "text": "Improper Input Validation", "title": "CWE-20" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2021-28170", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-28170.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2021-28170" }, { "cve": "CVE-2023-39410", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" }, { "category": "other", "text": "Improper Input Validation", "title": "CWE-20" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2023-39410", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2023-39410" }, { "cve": "CVE-2023-49582", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "notes": [ { "category": "other", "text": "Incorrect Permission Assignment for Critical Resource", "title": "CWE-732" }, { "category": "other", "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "title": "CWE-119" }, { "category": "general", "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2023-49582", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49582.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2023-49582" }, { "cve": "CVE-2024-5206", "cwe": { "id": "CWE-921", "name": "Storage of Sensitive Data in a Mechanism without Access Control" }, "notes": [ { "category": "other", "text": "Storage of Sensitive Data in a Mechanism without Access Control", "title": "CWE-921" }, { "category": "other", "text": "Insecure Storage of Sensitive Information", "title": "CWE-922" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-5206", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5206.json" } ], "scores": [ { "cvss_v3": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-5206" }, { "cve": "CVE-2024-28168", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "notes": [ { "category": "other", "text": "Improper Restriction of XML External Entity Reference", "title": "CWE-611" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-28168", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28168.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-28168" }, { "cve": "CVE-2024-28219", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "other", "text": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "title": "CWE-120" }, { "category": "other", "text": "Use of Potentially Dangerous Function", "title": "CWE-676" }, { "category": "other", "text": "Integer Overflow to Buffer Overflow", "title": "CWE-680" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-28219", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28219.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "baseScore": 7.3, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-28219" }, { "cve": "CVE-2024-35195", "cwe": { "id": "CWE-670", "name": "Always-Incorrect Control Flow Implementation" }, "notes": [ { "category": "other", "text": "Always-Incorrect Control Flow Implementation", "title": "CWE-670" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-35195", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "baseScore": 5.7, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-35195" }, { "cve": "CVE-2024-37891", "cwe": { "id": "CWE-669", "name": "Incorrect Resource Transfer Between Spheres" }, "notes": [ { "category": "other", "text": "Incorrect Resource Transfer Between Spheres", "title": "CWE-669" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-37891", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-37891" }, { "cve": "CVE-2024-38819", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" }, "notes": [ { "category": "other", "text": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "title": "CWE-22" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-38819", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-38819" }, { "cve": "CVE-2024-38820", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "other", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "other", "text": "Improper Handling of Case Sensitivity", "title": "CWE-178" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-38820", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-38820" }, { "cve": "CVE-2024-38827", "cwe": { "id": "CWE-639", "name": "Authorization Bypass Through User-Controlled Key" }, "notes": [ { "category": "other", "text": "Authorization Bypass Through User-Controlled Key", "title": "CWE-639" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-38827", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38827.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-38827" }, { "cve": "CVE-2024-47072", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Stack-based Buffer Overflow", "title": "CWE-121" }, { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-47072", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47072.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-47072" }, { "cve": "CVE-2024-47554", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "other", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-47554", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-47554" }, { "cve": "CVE-2024-56128", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "notes": [ { "category": "other", "text": "Incorrect Implementation of Authentication Algorithm", "title": "CWE-303" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-56128", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56128.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 7.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-56128" }, { "cve": "CVE-2024-56337", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "other", "text": "Time-of-check Time-of-use (TOCTOU) Race Condition", "title": "CWE-367" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-56337", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-56337" }, { "cve": "CVE-2024-57699", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "notes": [ { "category": "other", "text": "Improper Resource Shutdown or Release", "title": "CWE-404" }, { "category": "other", "text": "Uncontrolled Recursion", "title": "CWE-674" }, { "category": "general", "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2024-57699", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-57699.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2024-57699" }, { "cve": "CVE-2025-21573", "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2025-21573", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21573.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "baseScore": 6.0, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2025-21573" }, { "cve": "CVE-2025-23184", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "other", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2025-23184", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23184.json" } ], "title": "CVE-2025-23184" }, { "cve": "CVE-2025-24970", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "other", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "other", "text": "Improper Resource Shutdown or Release", "title": "CWE-404" }, { "category": "general", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "title": "CVSSV4" } ], "product_status": { "known_affected": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] }, "references": [ { "category": "self", "summary": "CVE-2025-24970", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24970.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-2698335", "CSAFPID-1838588", "CSAFPID-1839860", "CSAFPID-1839857", "CSAFPID-2699019", "CSAFPID-1839858", "CSAFPID-2698953", "CSAFPID-2698951", "CSAFPID-2698952", "CSAFPID-2698992", "CSAFPID-2698990", "CSAFPID-2698994", "CSAFPID-1838570", "CSAFPID-1838583", "CSAFPID-2698354", "CSAFPID-1839976", "CSAFPID-1838577", "CSAFPID-1839966", "CSAFPID-2699017", "CSAFPID-1839974", "CSAFPID-2699099", "CSAFPID-2699100", "CSAFPID-2699101", "CSAFPID-1839884", "CSAFPID-2698450", "CSAFPID-2698451", "CSAFPID-2698452", "CSAFPID-1839866", "CSAFPID-2698995", "CSAFPID-1839867", "CSAFPID-1199519", "CSAFPID-1838573", "CSAFPID-1838574", "CSAFPID-1839881", "CSAFPID-1839880", "CSAFPID-1839882", "CSAFPID-2698954", "CSAFPID-1839878", "CSAFPID-2698380", "CSAFPID-2698938", "CSAFPID-1839923", "CSAFPID-1838589", "CSAFPID-1839871", "CSAFPID-2699005" ] } ], "title": "CVE-2025-24970" } ] }