{
  "document" : {
    "aggregate_severity" : {
      "text" : "hoch"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "Der Dormakaba Access Manager ist eine Softwareplattform zur zentralen Verwaltung von Zutrittsrechten, Ausweisen und Schließsystemen.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein Angreifer kann mehrere Schwachstellen in dormakaba Access Manager ausnutzen, um seine Privilegien zu erhöhen, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Sonstiges",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2026-0214 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0214.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2026-0214 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0214"
    }, {
      "category" : "external",
      "summary" : "Dormakaba Security Advisory vom 2026-01-25",
      "url" : "https://assets.ctfassets.net/y0dk4vkszqeh/24oRToEzmOXVHtJx3RRVFd/69c7ce3b927cfe352057f960d8ae10a8/DKSA-26-26-011_AM_92xxK5_92xxK7_exos_Client.pdf"
    } ],
    "source_lang" : "en-US",
    "title" : "dormakaba Access Manager: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2026-01-27T23:00:00.000+00:00",
      "generator" : {
        "date" : "2026-01-28T09:21:53.120+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.5.0"
        }
      },
      "id" : "WID-SEC-W-2026-0214",
      "initial_release_date" : "2026-01-25T23:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2026-01-25T23:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      }, {
        "date" : "2026-01-26T23:00:00.000+00:00",
        "number" : "2",
        "summary" : "Referenz(en) aufgenommen: EUVD-2025-206361, EUVD-2025-206362, EUVD-2025-206363, EUVD-2025-206364, EUVD-2025-206367, EUVD-2025-206368, EUVD-2025-206370, EUVD-2025-206374, EUVD-2025-206378"
      }, {
        "date" : "2026-01-27T23:00:00.000+00:00",
        "number" : "3",
        "summary" : "Referenz(en) aufgenommen: EUVD-2025-206365, EUVD-2025-206371"
      } ],
      "status" : "final",
      "version" : "3"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<XAMB 04.06.212 RA",
          "product" : {
            "name" : "dormakaba Access Manager <XAMB 04.06.212 RA",
            "product_id" : "T050302"
          }
        }, {
          "category" : "product_version",
          "name" : "XAMB 04.06.212 RA",
          "product" : {
            "name" : "dormakaba Access Manager XAMB 04.06.212 RA",
            "product_id" : "T050302-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:dormakaba:access_manager:xamb_04.06.212_ra"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<BAME 06.00 RA",
          "product" : {
            "name" : "dormakaba Access Manager <BAME 06.00 RA",
            "product_id" : "T050303"
          }
        }, {
          "category" : "product_version",
          "name" : "BAME 06.00 RA",
          "product" : {
            "name" : "dormakaba Access Manager BAME 06.00 RA",
            "product_id" : "T050303-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:dormakaba:access_manager:bame_06.00_ra"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Access Manager"
      } ],
      "category" : "vendor",
      "name" : "dormakaba"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2025-59097",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59097"
  }, {
    "cve" : "CVE-2025-59098",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59098"
  }, {
    "cve" : "CVE-2025-59099",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59099"
  }, {
    "cve" : "CVE-2025-59100",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59100"
  }, {
    "cve" : "CVE-2025-59101",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59101"
  }, {
    "cve" : "CVE-2025-59102",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59102"
  }, {
    "cve" : "CVE-2025-59103",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59103"
  }, {
    "cve" : "CVE-2025-59104",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59104"
  }, {
    "cve" : "CVE-2025-59105",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59105"
  }, {
    "cve" : "CVE-2025-59106",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59106"
  }, {
    "cve" : "CVE-2025-59107",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59107"
  }, {
    "cve" : "CVE-2025-59108",
    "product_status" : {
      "known_affected" : [ "T050303", "T050302" ]
    },
    "release_date" : "2026-01-25T23:00:00.000+00:00",
    "title" : "CVE-2025-59108"
  } ]
}