{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen und um kryptografische Sicherheitsmechanismen zu umgehen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Appliance\n- CISCO Appliance\n- Hardware Appliance\n- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2022-0671 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0671.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2022-0671 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0671"
    }, {
      "category" : "external",
      "summary" : "OpenSSL Security Advisory 20210325 vom 2021-03-25",
      "url" : "https://www.openssl.org/news/secadv/20210325.txt"
    }, {
      "category" : "external",
      "summary" : "Ubuntu Security Notice USN-4891-1 vom 2021-03-25",
      "url" : "https://ubuntu.com/security/notices/USN-4891-1"
    }, {
      "category" : "external",
      "summary" : "Debian Security Advisory DSA-4875 vom 2021-03-25",
      "url" : "https://www.debian.org/security/2021/dsa-4875"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2021:0954-1 vom 2021-03-25",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008558.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2021:0955-1 vom 2021-03-25",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008559.html"
    }, {
      "category" : "external",
      "summary" : "FreeBSD Security Advisory FreeBSD-SA-21:07.openssl vom 2021-03-25",
      "url" : "https://security.freebsd.org/advisories/FreeBSD-SA-21:07.openssl.asc"
    }, {
      "category" : "external",
      "summary" : "Arch Linux Security Advisory ASA-202103-10 vom 2021-03-25",
      "url" : "https://security.archlinux.org/ASA-202103-10"
    }, {
      "category" : "external",
      "summary" : "Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-03-25",
      "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
    }, {
      "category" : "external",
      "summary" : "PoC CVE-2021-3449",
      "url" : "https://github.com/terorie/cve-2021-3449"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux Security Advisory ALAS-2021-1622 vom 2021-03-26",
      "url" : "https://alas.aws.amazon.com/AL2/ALAS-2021-1622.html"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2021-1024 vom 2021-03-30",
      "url" : "https://linux.oracle.com/errata/ELSA-2021-1024.html"
    }, {
      "category" : "external",
      "summary" : "Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-03-29",
      "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1024 vom 2021-03-30",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1024"
    }, {
      "category" : "external",
      "summary" : "Nessus Network Monitor Security Advisory",
      "url" : "https://de.tenable.com/security/tns-2021-09"
    }, {
      "category" : "external",
      "summary" : "HPE Security Bulletin hpesbst04140en_us vom 2021-06-02",
      "url" : "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbst04140en_us"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2021-9151 vom 2021-04-01",
      "url" : "https://linux.oracle.com/errata/ELSA-2021-9151.html"
    }, {
      "category" : "external",
      "summary" : "Unify Security Advisory Report OBSO-2103-01 vom 2021-03-31",
      "url" : "https://networks.unify.com/security/advisories/OBSO-2103-01.pdf"
    }, {
      "category" : "external",
      "summary" : "Gentoo Linux Security Advisory GLSA-202103-03 vom 2021-03-31",
      "url" : "https://security.gentoo.org/glsa/202103-03"
    }, {
      "category" : "external",
      "summary" : "Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-03-31",
      "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
    }, {
      "category" : "external",
      "summary" : "Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-04-05",
      "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
    }, {
      "category" : "external",
      "summary" : "Tenable Security Advisory",
      "url" : "https://de.tenable.com/security/tns-2021-05"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1063 vom 2021-04-05",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1063"
    }, {
      "category" : "external",
      "summary" : "Brocade Security Advisory",
      "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1440"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1131 vom 2021-04-07",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1131"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2021:1109-1 vom 2021-04-09",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008603.html"
    }, {
      "category" : "external",
      "summary" : "Tenable Security Advisory",
      "url" : "https://de.tenable.com/security/tns-2021-08"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1168 vom 2021-04-13",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1168"
    }, {
      "category" : "external",
      "summary" : "AVAYA Security Advisory ASA-2021-025 vom 2021-04-13",
      "url" : "https://downloads.avaya.com/css/P8/documents/101075304"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1202 vom 2021-04-14",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1202"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1200 vom 2021-04-14",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1200"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1199 vom 2021-04-14",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1199"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1189 vom 2021-04-14",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1189"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1203 vom 2021-04-14",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1203"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1196 vom 2021-04-14",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1196"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1195 vom 2021-04-14",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1195"
    }, {
      "category" : "external",
      "summary" : "McAfee Security Bulletin",
      "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10356"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:2041 vom 2021-05-19",
      "url" : "https://access.redhat.com/errata/RHSA-2021:2041"
    }, {
      "category" : "external",
      "summary" : "Meinberg Security Advisory MBGSA-2021.02 vom 2021-04-20",
      "url" : "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2021-02-meinberg-lantime-firmware-v7-02-003-und-v6-24-028.htm"
    }, {
      "category" : "external",
      "summary" : "Hitachi Vulnerability Information HITACHI-SEC-2021-117 vom 2021-05-21",
      "url" : "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-117/index.html"
    }, {
      "category" : "external",
      "summary" : "Hitachi Vulnerability Information HITACHI-SEC-2021-119 vom 2021-05-21",
      "url" : "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-119/index.html"
    }, {
      "category" : "external",
      "summary" : "Meinberg Security Advisory",
      "url" : "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2021-02-meinberg-lantime-firmware-v7-02-003-und-v6-24-028.htm"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1338 vom 2021-04-22",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1338"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1230 vom 2021-04-27",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1230"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:1448 vom 2021-04-28",
      "url" : "https://access.redhat.com/errata/RHSA-2021:1448"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:2479 vom 2021-06-17",
      "url" : "https://access.redhat.com/errata/RHSA-2021:2479"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:2532 vom 2021-06-23",
      "url" : "https://access.redhat.com/errata/RHSA-2021:2532"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:2543 vom 2021-06-24",
      "url" : "https://access.redhat.com/errata/RHSA-2021:2543"
    }, {
      "category" : "external",
      "summary" : "Pulse Secure Security Advisory SA44845 vom 2021-07-14",
      "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845/?kA23Z000000L6ooSAC="
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2021:2326-1 vom 2021-07-14",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009136.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2021:2323-1 vom 2021-07-14",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009135.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2021:2327-1 vom 2021-07-14",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009139.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2021:2353-1 vom 2021-07-15",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009145.html"
    }, {
      "category" : "external",
      "summary" : "HPE Security Bulletin",
      "url" : "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbst04142en_us"
    }, {
      "category" : "external",
      "summary" : "HCL Article KB0090800 vom 2021-08-03",
      "url" : "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090800"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:3016 vom 2021-08-06",
      "url" : "https://access.redhat.com/errata/RHSA-2021:3016"
    }, {
      "category" : "external",
      "summary" : "Ubuntu Security Notice USN-5038-1 vom 2021-08-12",
      "url" : "https://ubuntu.com/security/notices/USN-5038-1"
    }, {
      "category" : "external",
      "summary" : "Debian Security Advisory DLA-2751 vom 2021-08-31",
      "url" : "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2021:3556 vom 2021-09-17",
      "url" : "https://access.redhat.com/errata/RHSA-2021:3556"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2022:0056 vom 2022-03-10",
      "url" : "https://access.redhat.com/errata/RHSA-2022:0056"
    }, {
      "category" : "external",
      "summary" : "HPE Security Bulletin",
      "url" : "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04309en_us&hprpt_id=ALERT_HPE_3024068&jumpid=em_pom8nu6hj_aid-520066529"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2021:0955-2 vom 2022-07-13",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011541.html"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2023-13026 vom 2023-12-07",
      "url" : "https://linux.oracle.com/errata/ELSA-2023-13026.html"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2023-13024 vom 2023-12-07",
      "url" : "https://linux.oracle.com/errata/ELSA-2023-13024.html"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2023-13025 vom 2023-12-07",
      "url" : "https://linux.oracle.com/errata/ELSA-2023-13025.html"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2023-32791 vom 2023-12-07",
      "url" : "https://linux.oracle.com/errata/ELSA-2023-32791.html"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2023-32790 vom 2023-12-07",
      "url" : "https://linux.oracle.com/errata/ELSA-2023-32790.html"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2023-13027 vom 2023-12-07",
      "url" : "https://linux.oracle.com/errata/ELSA-2023-13027.html"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux Security Advisory ALAS-2024-2502 vom 2024-03-19",
      "url" : "https://alas.aws.amazon.com/AL2/ALAS-2024-2502.html"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2024-12408 vom 2024-06-05",
      "url" : "https://linux.oracle.com/errata/ELSA-2024-12408.html"
    }, {
      "category" : "external",
      "summary" : "Oracle Linux Security Advisory ELSA-2024-12842 vom 2024-11-25",
      "url" : "https://linux.oracle.com/errata/ELSA-2024-12842.html"
    } ],
    "source_lang" : "en-US",
    "title" : "OpenSSL: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2024-11-25T23:00:00.000+00:00",
      "generator" : {
        "date" : "2024-11-26T09:24:52.224+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.3.8"
        }
      },
      "id" : "WID-SEC-W-2022-0671",
      "initial_release_date" : "2021-03-25T23:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2021-03-25T23:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      }, {
        "date" : "2021-03-28T22:00:00.000+00:00",
        "number" : "2",
        "summary" : "Neue Updates von Amazon aufgenommen"
      }, {
        "date" : "2021-03-29T22:00:00.000+00:00",
        "number" : "3",
        "summary" : "Neue Updates von Oracle Linux, Cisco und Red Hat aufgenommen"
      }, {
        "date" : "2021-03-30T22:00:00.000+00:00",
        "number" : "4",
        "summary" : "Referenz(en) aufgenommen: FEDORA-2021-CBF14AB8F9"
      }, {
        "date" : "2021-03-31T22:00:00.000+00:00",
        "number" : "5",
        "summary" : "Neue Updates von Cisco, Oracle Linux, Unify und Gentoo aufgenommen"
      }, {
        "date" : "2021-04-05T22:00:00.000+00:00",
        "number" : "6",
        "summary" : "Neue Updates von Cisco aufgenommen"
      }, {
        "date" : "2021-04-07T22:00:00.000+00:00",
        "number" : "7",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2021-04-08T22:00:00.000+00:00",
        "number" : "8",
        "summary" : "Neue Updates von SUSE und Tenable aufgenommen"
      }, {
        "date" : "2021-04-12T22:00:00.000+00:00",
        "number" : "9",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2021-04-14T22:00:00.000+00:00",
        "number" : "10",
        "summary" : "Neue Updates von AVAYA und Red Hat aufgenommen"
      }, {
        "date" : "2021-04-15T22:00:00.000+00:00",
        "number" : "11",
        "summary" : "Neue Updates von McAfee aufgenommen"
      }, {
        "date" : "2021-04-19T22:00:00.000+00:00",
        "number" : "12",
        "summary" : "Neue Updates von Meinberg aufgenommen"
      }, {
        "date" : "2021-04-20T22:00:00.000+00:00",
        "number" : "13",
        "summary" : "Neue Updates aufgenommen"
      }, {
        "date" : "2021-04-22T22:00:00.000+00:00",
        "number" : "14",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2021-04-26T22:00:00.000+00:00",
        "number" : "15",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2021-04-28T22:00:00.000+00:00",
        "number" : "16",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2021-05-11T22:00:00.000+00:00",
        "number" : "17",
        "summary" : "Neue Updates von Tenable aufgenommen"
      }, {
        "date" : "2021-05-16T22:00:00.000+00:00",
        "number" : "18",
        "summary" : "Neue Updates von BROCADE aufgenommen"
      }, {
        "date" : "2021-05-18T22:00:00.000+00:00",
        "number" : "19",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2021-05-20T22:00:00.000+00:00",
        "number" : "20",
        "summary" : "Neue Updates von HITACHI aufgenommen"
      }, {
        "date" : "2021-06-03T22:00:00.000+00:00",
        "number" : "21",
        "summary" : "Neue Updates von HPE aufgenommen"
      }, {
        "date" : "2021-06-17T22:00:00.000+00:00",
        "number" : "22",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2021-06-23T22:00:00.000+00:00",
        "number" : "23",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2021-06-24T22:00:00.000+00:00",
        "number" : "24",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2021-07-13T22:00:00.000+00:00",
        "number" : "25",
        "summary" : "Neue Updates von Pulse Secure aufgenommen"
      }, {
        "date" : "2021-07-14T22:00:00.000+00:00",
        "number" : "26",
        "summary" : "Neue Updates von SUSE aufgenommen"
      }, {
        "date" : "2021-07-15T22:00:00.000+00:00",
        "number" : "27",
        "summary" : "Neue Updates von SUSE aufgenommen"
      }, {
        "date" : "2021-07-25T22:00:00.000+00:00",
        "number" : "28",
        "summary" : "Neue Updates von HP aufgenommen"
      }, {
        "date" : "2021-08-02T22:00:00.000+00:00",
        "number" : "29",
        "summary" : "Neue Updates von HCL aufgenommen"
      }, {
        "date" : "2021-08-05T22:00:00.000+00:00",
        "number" : "30",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2021-08-12T22:00:00.000+00:00",
        "number" : "31",
        "summary" : "Neue Updates von Ubuntu aufgenommen"
      }, {
        "date" : "2021-08-31T22:00:00.000+00:00",
        "number" : "32",
        "summary" : "Neue Updates von Debian aufgenommen"
      }, {
        "date" : "2021-09-16T22:00:00.000+00:00",
        "number" : "33",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2022-03-10T23:00:00.000+00:00",
        "number" : "34",
        "summary" : "Neue Updates von Red Hat aufgenommen"
      }, {
        "date" : "2022-05-22T22:00:00.000+00:00",
        "number" : "35",
        "summary" : "Neue Updates von HP aufgenommen"
      }, {
        "date" : "2022-07-13T22:00:00.000+00:00",
        "number" : "36",
        "summary" : "Neue Updates von SUSE aufgenommen"
      }, {
        "date" : "2023-12-07T23:00:00.000+00:00",
        "number" : "37",
        "summary" : "Neue Updates von Oracle Linux aufgenommen"
      }, {
        "date" : "2024-03-18T23:00:00.000+00:00",
        "number" : "38",
        "summary" : "Neue Updates von Amazon aufgenommen"
      }, {
        "date" : "2024-06-04T22:00:00.000+00:00",
        "number" : "39",
        "summary" : "Neue Updates von Oracle Linux aufgenommen"
      }, {
        "date" : "2024-11-25T23:00:00.000+00:00",
        "number" : "40",
        "summary" : "Neue Updates von Oracle Linux aufgenommen"
      } ],
      "status" : "final",
      "version" : "40"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Amazon Linux 2",
        "product" : {
          "name" : "Amazon Linux 2",
          "product_id" : "398363",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:amazon:linux_2:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Amazon"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Avaya Aura Experience Portal",
        "product" : {
          "name" : "Avaya Aura Experience Portal",
          "product_id" : "T015519",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:avaya:aura_experience_portal:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Avaya"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Broadcom Brocade Switch",
        "product" : {
          "name" : "Broadcom Brocade Switch",
          "product_id" : "T015844",
          "product_identification_helper" : {
            "cpe" : "cpe:/h:brocade:switch:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Broadcom"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Cisco Firepower",
        "product" : {
          "name" : "Cisco Firepower",
          "product_id" : "T011337",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:cisco:firepower:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "Cisco IP Phone",
        "product" : {
          "name" : "Cisco IP Phone",
          "product_id" : "2070",
          "product_identification_helper" : {
            "cpe" : "cpe:/h:cisco:ip_phone:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "Cisco Identity Services Engine (ISE)",
        "product" : {
          "name" : "Cisco Identity Services Engine (ISE)",
          "product_id" : "T000612",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:cisco:identity_services_engine_software:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "Cisco Jabber",
        "product" : {
          "name" : "Cisco Jabber",
          "product_id" : "T013379",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:cisco:jabber:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "Cisco Meeting Server",
        "product" : {
          "name" : "Cisco Meeting Server",
          "product_id" : "T018748",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:cisco:meeting_server:-"
          }
        }
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "3000",
          "product" : {
            "name" : "Cisco Nexus 3000",
            "product_id" : "T003851",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:cisco:nexus:3000"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "9000",
          "product" : {
            "name" : "Cisco Nexus 9000",
            "product_id" : "T003853",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:cisco:nexus:9000"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Nexus"
      }, {
        "category" : "product_name",
        "name" : "Cisco Prime Infrastructure",
        "product" : {
          "name" : "Cisco Prime Infrastructure",
          "product_id" : "T000756",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:cisco:prime_infrastructure:-"
          }
        }
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "c800 series",
          "product" : {
            "name" : "Cisco Router c800 series",
            "product_id" : "T018745",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:cisco:router:c800_series"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Router"
      }, {
        "category" : "product_name",
        "name" : "Cisco SD-WAN",
        "product" : {
          "name" : "Cisco SD-WAN",
          "product_id" : "T015770",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:cisco:sd_wan:-"
          }
        }
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "RV320",
          "product" : {
            "name" : "Cisco Small Business RV320",
            "product_id" : "T013513",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:cisco:small_business:rv320"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "RV325",
          "product" : {
            "name" : "Cisco Small Business RV325",
            "product_id" : "T013514",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:cisco:small_business:rv325"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "RV130",
          "product" : {
            "name" : "Cisco Small Business RV130",
            "product_id" : "T018066",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:cisco:small_business:rv130"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Small Business"
      }, {
        "category" : "product_name",
        "name" : "Cisco Unified Computing System (UCS)",
        "product" : {
          "name" : "Cisco Unified Computing System (UCS)",
          "product_id" : "163824",
          "product_identification_helper" : {
            "cpe" : "cpe:/h:cisco:unified_computing_system:-"
          }
        }
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "RV130",
          "product" : {
            "name" : "Cisco Unified Contact Center Enterprise RV130",
            "product_id" : "2143",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:cisco:unified_contact_center_enterprise:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Unified Contact Center Enterprise"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "RV130",
          "product" : {
            "name" : "Cisco Unified Intelligent Contact Manager (ICM) RV130",
            "product_id" : "69412",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:cisco:unified_intelligent_contact_management_enterprise:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Unified Intelligent Contact Manager (ICM)"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "Media Server",
          "product" : {
            "name" : "Cisco Video Surveillance Media Server",
            "product_id" : "T018749",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:cisco:video_surveillance_software:media_server"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Video Surveillance"
      }, {
        "category" : "product_name",
        "name" : "Cisco Web Security Appliance",
        "product" : {
          "name" : "Cisco Web Security Appliance",
          "product_id" : "T007921",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:cisco:web_security_appliance:-"
          }
        }
      }, {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Cisco WebEx Meetings Server",
          "product" : {
            "name" : "Cisco WebEx Meetings Server",
            "product_id" : "T001747",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:cisco:webex:-"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "Wireless Phone",
          "product" : {
            "name" : "Cisco WebEx Wireless Phone",
            "product_id" : "T018746",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:cisco:webex:wireless_phone"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "Room Phone",
          "product" : {
            "name" : "Cisco WebEx Room Phone",
            "product_id" : "T018747",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:cisco:webex:room_phone"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "Meetings for iOS",
          "product" : {
            "name" : "Cisco WebEx Meetings for iOS",
            "product_id" : "T018759",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:cisco:webex:meetings_for_ios"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "Video Mesh",
          "product" : {
            "name" : "Cisco WebEx Video Mesh",
            "product_id" : "T018760",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:cisco:webex:video_mesh"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "WebEx"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "wap121",
          "product" : {
            "name" : "Cisco Wireless Access Point wap121",
            "product_id" : "T018761",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:cisco:wap:wap121"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "wap321",
          "product" : {
            "name" : "Cisco Wireless Access Point wap321",
            "product_id" : "T018762",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:cisco:wap:wap321"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "wap371",
          "product" : {
            "name" : "Cisco Wireless Access Point wap371",
            "product_id" : "T018763",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:cisco:wap:wap371"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Wireless Access Point"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "8821",
          "product" : {
            "name" : "Cisco Wireless IP Phone 8821",
            "product_id" : "T015978",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:cisco:wireless_ip_phone:8821"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Wireless IP Phone"
      } ],
      "category" : "vendor",
      "name" : "Cisco"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Debian Linux",
        "product" : {
          "name" : "Debian Linux",
          "product_id" : "2951",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:debian:debian_linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Debian"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Gentoo Linux",
        "product" : {
          "name" : "Gentoo Linux",
          "product_id" : "T012167",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:gentoo:linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Gentoo"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "HCL BigFix",
        "product" : {
          "name" : "HCL BigFix",
          "product_id" : "T017494",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:hcltech:bigfix:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "HCL"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<9.0.1b",
          "product" : {
            "name" : "HPE Fabric OS <9.0.1b",
            "product_id" : "T019364"
          }
        }, {
          "category" : "product_version",
          "name" : "9.0.1b",
          "product" : {
            "name" : "HPE Fabric OS 9.0.1b",
            "product_id" : "T019364-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:hpe:fabric_os:9.0.1b"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<8.2.3",
          "product" : {
            "name" : "HPE Fabric OS <8.2.3",
            "product_id" : "T019365"
          }
        }, {
          "category" : "product_version",
          "name" : "8.2.3",
          "product" : {
            "name" : "HPE Fabric OS 8.2.3",
            "product_id" : "T019365-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:hpe:fabric_os:8.2.3"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Fabric OS"
      }, {
        "category" : "product_name",
        "name" : "HPE Switch",
        "product" : {
          "name" : "HPE Switch",
          "product_id" : "T005119",
          "product_identification_helper" : {
            "cpe" : "cpe:/h:hp:switch:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "HPE"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Hitachi Ops Center",
        "product" : {
          "name" : "Hitachi Ops Center",
          "product_id" : "T017562",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:hitachi:ops_center:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Hitachi"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version",
          "name" : "11.x",
          "product" : {
            "name" : "McAfee Data Loss Prevention 11.x",
            "product_id" : "T018908",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:mcafee:data_loss_prevention:11.x"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Data Loss Prevention"
      }, {
        "category" : "product_name",
        "name" : "McAfee Threat Intelligence Exchange",
        "product" : {
          "name" : "McAfee Threat Intelligence Exchange",
          "product_id" : "T014994",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:mcafee:threat_intelligence_exchange:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "McAfee Web Gateway",
        "product" : {
          "name" : "McAfee Web Gateway",
          "product_id" : "T003324",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:mcafee:web_gateway:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "McAfee"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Meinberg LANTIME",
        "product" : {
          "name" : "Meinberg LANTIME",
          "product_id" : "T018353",
          "product_identification_helper" : {
            "cpe" : "cpe:/h:meinberg:lantime:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Meinberg"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<1.1.1k",
          "product" : {
            "name" : "Open Source OpenSSL <1.1.1k",
            "product_id" : "T018712"
          }
        }, {
          "category" : "product_version",
          "name" : "1.1.1k",
          "product" : {
            "name" : "Open Source OpenSSL 1.1.1k",
            "product_id" : "T018712-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:openssl:openssl:1.1.1k"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "OpenSSL"
      } ],
      "category" : "vendor",
      "name" : "Open Source"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Oracle Linux",
        "product" : {
          "name" : "Oracle Linux",
          "product_id" : "T004914",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:oracle:linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Oracle"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Pulse Secure Pulse Connect Secure",
        "product" : {
          "name" : "Pulse Secure Pulse Connect Secure",
          "product_id" : "T016869",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:pulsesecure:pulse_connect_secure:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Pulse Secure"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Red Hat Enterprise Linux",
        "product" : {
          "name" : "Red Hat Enterprise Linux",
          "product_id" : "67646",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:redhat:enterprise_linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Red Hat"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "SUSE Linux",
        "product" : {
          "name" : "SUSE Linux",
          "product_id" : "T002207",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:suse:suse_linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "SUSE"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<8.13.2",
          "product" : {
            "name" : "Tenable Security Nessus <8.13.2",
            "product_id" : "T018777"
          }
        }, {
          "category" : "product_version",
          "name" : "8.13.2",
          "product" : {
            "name" : "Tenable Security Nessus 8.13.2",
            "product_id" : "T018777-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:tenable:nessus:8.13.2"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Nessus"
      }, {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<5.13.1",
          "product" : {
            "name" : "Tenable Security Nessus Network Monitor <5.13.1",
            "product_id" : "T019318"
          }
        }, {
          "category" : "product_version",
          "name" : "5.13.1",
          "product" : {
            "name" : "Tenable Security Nessus Network Monitor 5.13.1",
            "product_id" : "T019318-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:tenable:nessus_network_monitor:5.13.1"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Nessus Network Monitor"
      } ],
      "category" : "vendor",
      "name" : "Tenable Security"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Ubuntu Linux",
        "product" : {
          "name" : "Ubuntu Linux",
          "product_id" : "T000126",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:canonical:ubuntu_linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Ubuntu"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Unify OpenScape 4000",
        "product" : {
          "name" : "Unify OpenScape 4000",
          "product_id" : "T018011",
          "product_identification_helper" : {
            "cpe" : "cpe:/h:unify:openscape_4000:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "Unify OpenScape Branch",
        "product" : {
          "name" : "Unify OpenScape Branch",
          "product_id" : "T018258",
          "product_identification_helper" : {
            "cpe" : "cpe:/h:unify:openscape_branch:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "Unify OpenScape SBC",
        "product" : {
          "name" : "Unify OpenScape SBC",
          "product_id" : "T008874",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:unify:openscape_sbc:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "Unify OpenScape Xpert",
        "product" : {
          "name" : "Unify OpenScape Xpert",
          "product_id" : "T018014",
          "product_identification_helper" : {
            "cpe" : "cpe:/h:unify:openscape_xpert:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Unify"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2021-3449",
    "notes" : [ {
      "category" : "description",
      "text" : "In OpenSSL besteht eine Schwachstelle in der TLS Serverimplementierung. Lässt der Client bei einem erneuten (Renegotiation) \"ClientHello\" die \"signature_algorithms\" Erweiterung weg, obwohl sie im vorigen \"ClientHello\" enthalten war und sendet trotzdem die Erweiterung \"signature_algorithms_cert\" mit, so löst er damit am Server eine NULL-Zeiger Dereferenzierung aus. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen TLS Server zum Absturz zu bringen (Denial of Service). Serverimplementierungen, die keine TLS Renegotiation verwenden, sind nicht betroffen."
    } ],
    "product_status" : {
      "known_affected" : [ "2070", "T008874", "T015844", "T014994", "T004914", "T018760", "T018761", "T018762", "T018763", "T000756", "398363", "69412", "163824", "T015519", "T003851", "T003853", "T005119", "T013379", "T012167", "T018011", "T017562", "T018014", "T018258", "2951", "T002207", "T018777", "67646", "T003324", "T007921", "T017494", "T018066", "T001747", "T000612", "T018745", "T018746", "T018747", "T019318", "T018748", "T018749", "T018908", "T013514", "T015978", "T016869", "T011337", "T013513", "2143", "T019364", "T018353", "T015770", "T019365", "T018712", "T000126", "T018759" ]
    },
    "release_date" : "2021-03-25T23:00:00.000+00:00",
    "title" : "CVE-2021-3449"
  }, {
    "cve" : "CVE-2021-3450",
    "notes" : [ {
      "category" : "description",
      "text" : "In OpenSSL besteht eine Schwachstelle. Wurde die Validierung einer Zertifikatskette mit dem Parameter \"X509_V_FLAG_X509_STRICT\" gestartet, werden erweiterte Zertifikatsprüfungen vorgenommen. Mit OpenSSL Version 1.1.1h wurde hierzu eine Prüfung aufgenommen, um Zertifikate mit expliziten elliptischen Kurvenparametern zu verbieten. Durch einen Implementierungsfehler in diesem Feature werden jedoch CA-Zertifikate (Certificate Authority) in der Kette nicht mehr zuverlässig auf die Eigenschaft validiert, ob der Zertifikatsinhaber als CA tätig sein darf. Ein Angreifer kann dadurch sein gültiges Client- oder Server-Zertifikat zweckentfremden und damit beliebige Zertifikate signieren, die eine betroffene OpenSSL Version fälschlicherweise als gültig erkennt. Der Angreifer kann folglich kryptografische Sicherheitsmechanismen umgehen."
    } ],
    "product_status" : {
      "known_affected" : [ "2070", "T008874", "67646", "T003324", "T007921", "T014994", "T004914", "T018066", "T018760", "T018761", "T018762", "T018763", "T001747", "T000756", "T000612", "T018745", "T018746", "T018747", "T018748", "T018749", "398363", "T018908", "69412", "163824", "T015519", "T013514", "T003851", "T015978", "T011337", "T003853", "T013513", "2143", "T013379", "T012167", "T018011", "T015770", "T018014", "T018258", "2951", "T002207", "T018777", "T018712", "T000126", "T018759" ]
    },
    "release_date" : "2021-03-25T23:00:00.000+00:00",
    "title" : "CVE-2021-3450"
  } ]
}