Red Hat 脆弱性

タイムライン

タイプ

製品

Red Hat Enterprise Linux127
Red Hat Linux80
Red Hat JBoss Enterprise Application Platform70
Red Hat Ansible41
Red Hat Satellite30

修復

Official Fix642
Temporary Fix0
Workaround5
Unavailable1
Not Defined417

悪用可能性

High19
Functional0
Proof-of-Concept83
Unproven36
Not Defined927

アクセスベクター

Not Defined0
Physical1
Local291
Adjacent150
Network623

認証

Not Defined0
High24
Low392
None649

ユーザー操作

Not Defined0
Required138
None927

C3BM Index

CVSSv3 Base

≤10
≤20
≤37
≤4142
≤5154
≤6271
≤7201
≤8162
≤978
≤1050

CVSSv3 Temp

≤10
≤20
≤39
≤4152
≤5170
≤6300
≤7197
≤8144
≤965
≤1028

VulDB

≤10
≤21
≤324
≤4198
≤5150
≤6280
≤7146
≤8152
≤965
≤1049

NVD

≤10
≤20
≤33
≤49
≤515
≤672
≤773
≤886
≤949
≤1038

CNA

≤10
≤20
≤32
≤410
≤526
≤632
≤734
≤844
≤915
≤105

ベンダー

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤101

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

0dayエクスプロイト

<1k1
<2k7
<5k145
<10k394
<25k459
<50k59
<100k0
≥100k0

本日のエクスプロイト

<1k677
<2k41
<5k133
<10k160
<25k54
<50k0
<100k0
≥100k0

闇ツールの市場規模

🔴 CTI アクティビティ

Affected Products (263): 3Scale (1), 3scale (1), 3scale API Management (1), 3scale API Management Platform (5), 3scale Admin Portal (1), 389 Directory Server (3), 389-ds-base (1), A-MQ Streams (1), AMQ (2), AMQ Broker (5), Advanced Cluster Management for Kubernetes (6), Advanced Cluster Security (1), Advanced Cluster Security for Kubernetes (1), Aeolus Conductor (1), Ansible (41), Ansible Automation Controller (1), Ansible Automation Hub (1), Ansible Automation Platform (9), Ansible Automation Platform (1), Ansible Base (1), Ansible Community (1), Ansible Engine (16), Ansible Playbooks (1), Ansible Tower (29), Ansible Vault (1), Application Platforms (1), Automatic Bug Reporting Tool (3), Build of Keycloak (3), Business Central (1), CMAN (1), Cairo (1), Ceph (1), Ceph Storage (5), Ceph Storage RGW (1), Ceph Storage RadosGW (2), Certificate Server (2), Certificate System (8), Certification (1), CloudForms (19), CloudForms 2 Management Engine (1), CloudForms 3.0 Management Engine (8), CloudForms 3.1 Management Engine (2), CloudForms Cloud Engine (2), CloudForms Management Engine (5), Cloudforms (1), Cloudforms 3.0 Management Engine (4), Cluster Suite (2), Conga (3), Cygwin (1), Data Grid (1), DataGrid (1), Decision Manager (2), Dependency Analytics Plugin (1), Desktop (1), Developer Hub (1), Directory Server (15), Discovery (1), Discovery Server (1), DocBook Stylesheets (1), Docker (1), Dogtag Certificate System (3), Enterprise Application Platform (3), Enterprise Linux (127), Enterprise Linux AI (1), Enterprise Linux Advanced Virtualization (1), Enterprise Linux Desktop (9), Enterprise Linux HPC Node (5), Enterprise Linux Kernel (1), Enterprise Linux OpenStack (1), Enterprise Linux OpenStack Platform (1), Enterprise Linux Server (5), Enterprise Linux Server Aus (1), Enterprise Linux Server Supplementary (1), Enterprise Linux Workstation (6), Enterprise MRG (13), Enterprise Mrg (4), Enterprise Virtualization (18), Enterprise Virtualization Hypervisor (2), Enterprise Virtualization Manager (19), Evince (4), Fedora (6), Fedora Core (6), Fedora Directory Server (1), Feedhenry Enterprise Mobile Application Platform (1), Fence Agents Remediation Operator (1), FreeIPA (6), Fuse (1), Glint (1), GlusterFS (7), Gluster Storage (6), Gluster Storage Server (1), IcedTea (3), IcedTea-Web (5), IcedTea6 (2), Infinispan (2), InterChange (1), JBoss (15), JBoss A-MQ (6), JBoss Application Server (4), JBoss BPMS (4), JBoss BPM Suite (8), JBoss BRMS (4), JBoss Core Services httpd (2), JBoss Data Grid (4), JBoss Data Virtualization (3), JBoss EAP (11), JBoss Enterprise (10), JBoss Enterprise Application Platform (70), JBoss Enterprise Application Platform Expansion Pack (2), JBoss Enterprise BRMS Platform (3), JBoss Enterprise Portal Platform (11), JBoss Enterprise SOA Platform (2), JBoss Fuse (6), JBoss Operations Network (13), JBoss Portal (5), JBoss Remoting (2), JBossWeb (1), JBoss Web Framework Kit (4), JBoss Web Server (1), JBoss WildFly Application Server (1), Jboss (1), Jboss Enterprise Soa Platform (1), Jboss Enterprise Web (1), Jboss Fuse Esb Enterprise (1), Jbpm-designer (1), KIE Server (1), KON (2), Kernel (1), KeyCloak (4), Keycloak (6), Kie Workbench (1), Linux (83), Linux Advanced Workstation (1), Linux Enterprise (1), Logging Subsystem for OpenShift (1), Luci (1), ManageIQ EVM (1), ManageIQ Enterprise Virtualization Manager (1), Middleware Container (1), Migration Toolkit for Containers (1), Migration Toolkit for Virtualization (1), Mobile Application Platform (2), Multicluster Engine for Kubernetes (1), NetworkManager (1), Network Satelite Server (1), Network Satellite (11), Network Satellite Server (6), Nfs Utils (1), OpenShift (23), OpenShift AI (1), OpenShift API Management (1), OpenShift API for Data Protection (1), OpenShift Application Runtimes (1), OpenShift Assisted Installer (1), OpenShift Container Platform (13), OpenShift Container Platform 3 (1), OpenShift Container Platform Assisted Installer (1), OpenShift Data Science (3), OpenShift Dev Spaces (1), OpenShift Developer Tools and Services (2), OpenShift Distributed Tracing (1), OpenShift Enterprise (14), OpenShift Origin (5), OpenShift Serverless (1), OpenShift Service Mesh (1), OpenShift Source-to-Image Builder Image (1), OpenShift Virtualization (1), OpenStack (16), OpenStack Platform (8), OpenStack Platform Director (3), Openshift (3), Openshift Container Storage (1), Openshift Dedicated (1), Openshift Sandboxed Containers (1), Openshift node-utils (1), Openstack (4), Openstack Enterprise (1), Openstack Folsom (2), PXE Server (1), PackStack (1), PolicyKit (1), Process Automation (3), Process Automation Manager (1), Quarkus (4), Quay (11), QuickStart Cloud Installer (4), RESTEasy (3), RHN (1), RPM (1), RPM Package Manager (8), Red Hat Certificate System (2), Remoting for SOA Platform (1), RichFaces (1), SDL (1), Satellite (30), Satellite 6 (2), Service Interconnect 1 (1), Single Sign-On (14), Single Sign-On 7 (1), Spacewalk (9), Storage (1), Storage Console (1), Storage Server (2), Stronghold (2), Subscription Asset Manager (2), Support for Spring Boot (1), TUX HTTP Server (1), Uberfire (1), Undertow (4), Update Infrastructure (1), Update Infrastructure for Cloud Providers (2), VDI (1), Virtual Desktop Service Manager (1), Virtualization (1), WildFly (11), Wildfly Elytron (1), XML Language Server (1), XML Language Support (1), adminutil (1), cman (1), containers-image (1), dtach (1), enterprise linux (1), gfs2-utils (1), hawtjni (1), insights-client (1), jboss-client (1), jboss-remoting (1), katello-headpin (1), kdelibs (1), kexec-tools (3), keycloak (1), libvirt (17), livecd-tools (1), mcstrans (1), oVirt (1), open-iscsi (1), openshift (5), openshift-clients (1), openshift-logging (1), openstack (1), openstack-neutron (1), openstack-octavia (1), policycoreutils (2), ppp (1), python-eventlet (1), redhat-certification (5), redhat-sso-7 (1), rhevm-dwh (1), rhevm-reports (3), rhncfg (1), rpcbind (1), sos (2), spacewalk-java (2), spice-activex (1), spice-gtk (1), spice-xpi (4), subscription-manager (1), sysreport (1), system-config-firewall (1), system-config-printer (1), up2date (1), yum-rhn-plugin (1)

Link to Vendor Website: https://www.redhat.com/

公開済みBaseTemp脆弱性Prod悪用可修復EPSSCTICVE
2024年10月24日6.16.1Red Hat 3scale API Management Platform APICast 弱い認証Automation SoftwareNot DefinedNot Defined0.000870.00CVE-2024-10295
2024年10月23日3.63.6Red Hat Enterprise Linux PAM shadow 情報の漏洩Operating SystemNot DefinedNot Defined0.000430.09CVE-2024-10041
2024年10月22日4.24.2Red Hat Build of Keycloak Wildfly クロスサイトスクリプティングApplication Server SoftwareNot DefinedNot Defined0.000500.05CVE-2024-10234
2024年10月22日5.35.2Red Hat OpenShift Container Platform Graphql Introspection Query 特権昇格Virtualization SoftwareNot DefinedOfficial Fix0.000450.07CVE-2024-50312
2024年10月22日7.87.8Red Hat Enterprise Linux libreswan Client Plugin for NetworkManager Local Privilege EscalationOperating SystemNot DefinedNot Defined0.000440.04CVE-2024-9050
2024年10月17日5.25.2Red Hat Quay Truncated Password Version 弱い認証未知Not DefinedNot Defined0.000460.04CVE-2024-9683
2024年10月16日4.84.8Red Hat Ansible Automation Platform aap-gateway クロスサイトスクリプティングAutomation SoftwareNot DefinedNot Defined0.000460.09CVE-2024-10033
2024年10月16日5.45.4Red Hat OpenShift Developer Tools and Services ディレクトリトラバーサルOperating SystemNot DefinedNot Defined0.000500.00CVE-2024-9676
2024年10月09日8.58.5Red Hat Keycloak REST API Privilege EscalationApplication Server SoftwareNot DefinedNot Defined0.007790.04CVE-2024-3656
2024年10月09日5.05.0Red Hat 3Scale PDF Invoice 弱い認証未知Not DefinedNot Defined0.000460.00CVE-2024-9671
2024年10月08日3.53.5Red Hat Ansible Automation Platform Ansible Event-Driven Automation 弱い暗号化Automation SoftwareNot DefinedNot Defined0.000460.00CVE-2024-9620
2024年10月02日5.25.2Red Hat Enterprise Linux/OpenShift Container Platform FIPS Mode 特権昇格Operating SystemNot DefinedNot Defined0.000950.05CVE-2024-9341
2024年10月02日4.34.3Red Hat Enterprise Linux/OpenShift Container Platform Bind-propagation Option 特権昇格Operating SystemNot DefinedNot Defined0.000430.03CVE-2024-9407
2024年09月26日3.33.3Red Hat Virtualization oVirt 弱い暗号化Virtualization SoftwareNot DefinedNot Defined0.000490.06CVE-2024-7259
2024年09月19日5.15.1Red Hat Build of Keycloak Redirect URIApplication Server SoftwareNot DefinedNot Defined0.004940.04CVE-2024-8883
2024年09月19日6.36.3Red Hat Build of Keycloak SAML Signature 弱い認証Application Server SoftwareNot DefinedNot Defined0.008960.04CVE-2024-8698
2024年09月19日5.25.2Red Hat Enterprise Linux QEMU core.c usb_ep_get サービス拒否Operating SystemNot DefinedNot Defined0.000430.03CVE-2024-8354
2024年09月19日5.55.5Red Hat Enterprise Linux Performance Co-Pilot メモリ破損Operating SystemNot DefinedNot Defined0.000420.03CVE-2024-45769
2024年09月19日4.94.9Red Hat Enterprise Linux Performance Co-Pilot 特権昇格Operating SystemNot DefinedNot Defined0.000420.03CVE-2024-45770
2024年09月17日5.85.8Red Hat Enterprise Linux AI ilab Model Serve サービス拒否Operating SystemNot DefinedNot Defined0.000430.04CVE-2024-8939
2024年09月16日7.77.7Red Hat OpenShift Controller Manager 構成ミスVirtualization SoftwareNot DefinedNot Defined0.000440.08CVE-2024-45496
2024年09月16日7.37.3Red Hat OpenShift Builder ディレクトリトラバーサルVirtualization SoftwareNot DefinedNot Defined0.000440.03CVE-2024-7387
2024年09月14日4.44.4Red Hat Discovery Ansible Vault File 情報の漏洩Cloud SoftwareNot DefinedNot Defined0.000430.03CVE-2024-8775
2024年09月10日7.27.2Red Hat Quarkus HTTP Request サービス拒否Automation SoftwareNot DefinedNot Defined0.000460.04CVE-2023-6841
2024年09月06日6.46.4Red Hat Migration Toolkit for Virtualization 特権昇格Virtualization SoftwareNot DefinedNot Defined0.000450.00CVE-2024-8509
2024年09月05日5.75.7Red Hat Directory Server/Enterprise Linux 389-ds-base サービス拒否Directory Service SoftwareNot DefinedNot Defined0.000450.04CVE-2024-8445
2024年09月05日5.55.5Red Hat Ansible Automation Controller HTTP Request Privilege EscalationAutomation SoftwareNot DefinedNot Defined0.000450.04CVE-2024-6840
2024年09月04日6.16.1Red Hat Satellite 6 Foreman 弱い認証未知Not DefinedNot Defined0.000660.04CVE-2024-7923
2024年09月04日9.29.2Red Hat Satellite 6 Foreman 弱い認証未知Not DefinedNot Defined0.000660.08CVE-2024-7012
2024年09月03日5.15.1Red Hat Keycloak Bruteforce Protection 情報の漏洩Application Server SoftwareNot DefinedNot Defined0.000850.05CVE-2024-4629
2024年08月30日6.06.0Red Hat Enterprise Linux libvirt サービス拒否Operating SystemNot DefinedNot Defined0.000440.00CVE-2024-8235
2024年08月20日6.46.4Red Hat OpenStack Platform Director TLS 弱い暗号化Cloud SoftwareNot DefinedNot Defined0.000910.04CVE-2024-8007
2024年08月19日6.26.2Red Hat Undertow Proxy Protocol Parser 情報の漏洩未知Not DefinedNot Defined0.000980.04CVE-2024-7885
2024年08月19日5.35.3Red Hat OpenShift Console 弱い暗号化Virtualization SoftwareNot DefinedNot Defined0.000450.04CVE-2024-6508
2024年08月12日6.66.6Red Hat Satellite Host Init Config Template 特権昇格未知Not DefinedNot Defined0.000430.04CVE-2024-7700
2024年08月12日8.88.8Red Hat Fence Agents Remediation Operator SSH/Telnet 特権昇格未知Not DefinedNot Defined0.000450.03CVE-2024-5651
2024年08月09日7.77.7Red Hat OpenShift AI/OpenShift Data Science 特権昇格Virtualization SoftwareNot DefinedNot Defined0.000500.04CVE-2024-7557
2024年08月07日6.66.5Red Hat Ansible Automation Platform Role-Based Access Control add_roles_for_object_creator 構成ミスAutomation SoftwareNot DefinedOfficial Fix0.000700.03CVE-2024-7143
2024年08月05日4.84.8Red Hat Enterprise Linux libnbd 弱い認証Operating SystemNot DefinedNot Defined0.000440.00CVE-2024-7383
2024年08月02日4.84.8Red Hat OpenStack Platform openstack-heat 情報の漏洩Cloud SoftwareNot DefinedNot Defined0.000450.04CVE-2024-7319
2024年07月26日5.35.3Red Hat OpenShift Container Platform openShiftAuth authHandlerWithUser 弱い認証Virtualization SoftwareNot DefinedNot Defined0.000430.03CVE-2024-7128
2024年07月24日6.56.5Red Hat OpenShift Container Platform verify authHandlerWithUser 弱い認証Virtualization SoftwareNot DefinedNot Defined0.000490.00CVE-2024-7079
2024年07月17日5.05.0Red Hat Service Interconnect 1 Skupper 情報の漏洩未知Not DefinedNot Defined0.000520.00CVE-2024-6535
2024年07月08日6.36.3Red Hat Enterprise Linux SIGALRM syslog Remote Code ExecutionOperating SystemNot DefinedNot Defined0.000440.03CVE-2024-6409
2024年07月03日3.03.0Red Hat Enterprise Linux cockpit サービス拒否Operating SystemNot DefinedNot Defined0.000430.08CVE-2024-6126
2024年06月19日5.55.5Red Hat Undertow ajp-listener サービス拒否未知Not DefinedNot Defined0.000440.04CVE-2024-6162
2024年06月18日2.72.7Red Hat Keycloak/Single Sign-On 7 Connection URL 特権昇格未知Not DefinedNot Defined0.000440.00CVE-2024-5967
2024年06月13日7.57.5Red Hat Openshift Hive Privilege EscalationVirtualization SoftwareNot DefinedNot Defined0.000000.00CVE-2024-25133
2024年06月12日4.54.5Red Hat Quay Client ID Privilege Escalation未知Not DefinedNot Defined0.000450.04CVE-2024-5891
2024年06月12日5.55.5Red Hat Openshift Dedicated Custom Defined Resource 特権昇格Virtualization SoftwareNot DefinedNot Defined0.000000.00CVE-2024-25131

1015 非表示のエントリあり

Want to stay up to date on a daily basis?

Enable the mail alert feature now!