{"containers": {"cna": {"affected": [{"product": "redis", "vendor": "redis", "versions": [{"status": "affected", "version": "< 5.0.14"}, {"status": "affected", "version": ">= 6.0.0, < 6.0.16"}, {"status": "affected", "version": ">= 6.2.0, < 6.2.6"}]}], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-29T16:07:35", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8"}, {"name": "FEDORA-2021-8913c7900c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"}, {"name": "FEDORA-2021-61c487f241", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"}, {"name": "[geode-notifications] 20211013 [GitHub] [geode] jdeppe-pivotal opened a new pull request #6994: GEODE-9676: Limit array and string sizes for unauthenticated Radish connections", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E"}, {"name": "FEDORA-2021-aa94492a09", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"}, {"name": "DSA-5001", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-5001"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/"}, {"name": "GLSA-202209-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202209-17"}], "source": {"advisory": "GHSA-f6pw-v9gw-v64p", "discovery": "UNKNOWN"}, "title": "DoS vulnerability in Redis", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32675", "STATE": "PUBLIC", "TITLE": "DoS vulnerability in Redis"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "redis", "version": {"version_data": [{"version_value": "< 5.0.14"}, {"version_value": ">= 6.0.0, < 6.0.16"}, {"version_value": ">= 6.2.0, < 6.2.6"}]}}]}, "vendor_name": "redis"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}]}, "references": {"reference_data": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p"}, {"name": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8"}, {"name": "FEDORA-2021-8913c7900c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"}, {"name": "FEDORA-2021-61c487f241", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"}, {"name": "[geode-notifications] 20211013 [GitHub] [geode] jdeppe-pivotal opened a new pull request #6994: GEODE-9676: Limit array and string sizes for unauthenticated Radish connections", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47@%3Cnotifications.geode.apache.org%3E"}, {"name": "FEDORA-2021-aa94492a09", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"}, {"name": "DSA-5001", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5001"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://security.netapp.com/advisory/ntap-20211104-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211104-0003/"}, {"name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17"}]}, "source": {"advisory": "GHSA-f6pw-v9gw-v64p", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:25:31.170Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8"}, {"name": "FEDORA-2021-8913c7900c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"}, {"name": "FEDORA-2021-61c487f241", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"}, {"name": "[geode-notifications] 20211013 [GitHub] [geode] jdeppe-pivotal opened a new pull request #6994: GEODE-9676: Limit array and string sizes for unauthenticated Radish connections", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E"}, {"name": "FEDORA-2021-aa94492a09", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"}, {"name": "DSA-5001", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-5001"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/"}, {"name": "GLSA-202209-17", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202209-17"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32675", "datePublished": "2021-10-04T17:50:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:31.170Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5D64A76-B253-4A64-8AA2-DD8815CB3CF8", "versionEndExcluding": "5.0.14", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "02DF8086-645E-4D42-93D3-A4B11D289C7C", "versionEndExcluding": "6.0.16", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "4686800E-16BA-42CE-B691-011D1D5D0CC2", "versionEndExcluding": "6.2.6", "versionStartIncluding": "6.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*", "matchCriteriaId": "4455CF3A-CC91-4BE4-A7AB-929AC82E34F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates."}, {"lang": "es", "value": "Redis es una base de datos en memoria de c\u00f3digo abierto que persiste en el disco. Cuando es analizada una petici\u00f3n entrante del Protocolo Est\u00e1ndar de Redis (RESP), Redis asigna la memoria de acuerdo con los valores especificados por el usuario, que determinan el n\u00famero de elementos (en el encabezado multi-bulk) y el tama\u00f1o de cada elemento (en el encabezado bulk). Un atacante que env\u00ede peticiones especialmente dise\u00f1adas a trav\u00e9s de m\u00faltiples conexiones puede causar que el servidor asigne una cantidad significativa de memoria. Debido a que el mismo mecanismo de an\u00e1lisis es usado para manejar las peticiones de autenticaci\u00f3n, esta vulnerabilidad tambi\u00e9n puede ser explotada por usuarios no autenticados. El problema se ha corregido en las versiones de Redis 6.2.6, 6.0.16 y 5.0.14. Una soluci\u00f3n adicional para mitigar este problema sin necesidad de parchear el ejecutable del servidor Redis es bloquear el acceso para evitar que los usuarios no autentificados se conecten a Redis. Esto puede hacerse de diferentes maneras: Usando herramientas de control de acceso a la red como firewalls, iptables, grupos de seguridad, etc. o Habilitando TLS y requiriendo que los usuarios se autentiquen usando certificados del lado del cliente"}], "id": "CVE-2021-32675", "lastModified": "2023-11-07T03:35:22.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-10-04T18:15:08.923", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p"}, {"source": "security-advisories@github.com", "url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202209-17"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-5001"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:3949", "cpe": "cpe:/a:redhat:acm:2.1::el8", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-20T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "acmesolver-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "acm-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "application-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cainjector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cert-manager-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cert-manager-webhook-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cert-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "clusterlifecycle-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "configmap-watcher-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "config-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "console-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "console-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "console-header-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "endpoint-component-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "endpoint-monitoring-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "endpoint-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-propagator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-spec-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-status-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-template-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "grafana-dashboard-loader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "grc-ui-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "grc-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "iam-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "klusterlet-addon-lease-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "klusterlet-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "kui-web-terminal-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "management-ingress-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "mcm-topology-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "mcm-topology-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "memcached-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "memcached-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "metrics-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicloud-manager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multiclusterhub-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multiclusterhub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-observability-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-application-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-deployable-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-placementrule-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-subscription-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-subscription-release-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "observatorium-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "observatorium-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "openshift-hive-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "rbac-query-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "rcm-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "redisgraph-tls-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "registration-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "registration-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-aggregator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "submariner-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "thanos-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "thanos-receive-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3873", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "work-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "acm-grafana-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "acm-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "application-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "assisted-image-service-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cert-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cluster-backup-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "clusterclaims-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cluster-curator-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "clusterlifecycle-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "cluster-proxy-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "config-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "console-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "console-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "discovery-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "endpoint-monitoring-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-propagator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-spec-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-status-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "governance-policy-template-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "grafana-dashboard-loader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "grc-ui-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "grc-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "iam-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "insights-client-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "insights-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "klusterlet-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "klusterlet-addon-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "klusterlet-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "kube-rbac-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "kube-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "managedcluster-import-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "management-ingress-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "memcached-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "memcached-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "metrics-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicloud-integrations-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicloud-manager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multiclusterhub-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multiclusterhub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-observability-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-application-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-deployable-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-placementrule-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-subscription-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "multicluster-operators-subscription-release-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "node-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "observatorium-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "observatorium-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "openshift-hive-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "placement-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "prometheus-alertmanager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "prometheus-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "provider-credential-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rbac-query-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "redisgraph-tls-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "registration-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "registration-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-agent-service-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-assisted-installer-agent-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-assisted-installer-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "rhacm-assisted-installer-reporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-aggregator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "search-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "submariner-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "thanos-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "thanos-receive-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-mover-rclone-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-mover-restic-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "volsync-mover-rsync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:4618", "cpe": "cpe:/a:redhat:acm:2.4::el8", "package": "work-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-11-11T00:00:00Z"}, {"advisory": "RHSA-2021:3925", "cpe": "cpe:/a:redhat:acm:2.3::el8", "impact": "moderate", "package": "rhacm2/redisgraph-tls-rhel8:v2.3.3-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8", "release_date": "2021-10-20T00:00:00Z"}, {"advisory": "RHSA-2021:3918", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "redis:5-8040020211011074037.522a0ee4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-10-19T00:00:00Z"}, {"advisory": "RHSA-2021:3945", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "redis:6-8040020211011082941.522a0ee4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-10-20T00:00:00Z"}, {"advisory": "RHSA-2021:3946", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "redis:5-8010020211011065007.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-10-20T00:00:00Z"}, {"advisory": "RHSA-2021:3944", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "redis:5-8020020211011071901.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-10-20T00:00:00Z"}, {"advisory": "RHSA-2021:3971", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "redis-0:3.2.8-5.el7ost", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2021-10-25T00:00:00Z"}, {"advisory": "RHSA-2021:3980", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "redis-0:3.2.8-5.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 - ELS", "release_date": "2021-10-25T00:00:00Z"}, {"advisory": "RHSA-2021:3980", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "redis-0:3.2.8-5.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2021-10-25T00:00:00Z"}, {"advisory": "RHSA-2021:3947", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-redis5-redis-0:5.0.5-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-10-20T00:00:00Z"}, {"advisory": "RHSA-2021:3947", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-redis5-redis-0:5.0.5-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-10-20T00:00:00Z"}], "bugzilla": {"description": "redis: Denial of service via Redis Standard Protocol (RESP) request", "id": "2011000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011000"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-770", "details": ["Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.", "A flaw was found in redis. When parsing an incoming Redis Standard Protocol (RESP) request, redis allocates memory according to user-specified values, which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). This flaw allows an unauthenticated, remote user delivering specially crafted requests over multiple connections to cause the server to allocate a significant amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability."], "mitigation": {"lang": "en:us", "value": "Prevent unauthenticated users from connecting to Redis by using network access control tools (e.g., firewalls) or enabling TLS and requiring users to authenticate using client side certificates."}, "name": "CVE-2021-32675", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat Ansible Tower 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-redis6-redis", "product_name": "Red Hat Software Collections"}], "public_date": "2021-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-32675\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32675\nhttps://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p"], "threat_severity": "Important", "upstream_fix": "redis 6.2.6, redis 6.0.16, redis 5.0.14"}