Hauptmenü öffnen
Wiki - Heidler Strichcode GmbH

CVE-2023-42503: Unterschied zwischen den Versionen

(Die Seite wurde neu angelegt: „= Quelle = https://nvd.nist.gov/vuln/detail/CVE-2023-42503 = Beschreibung vom CVE = Durch die Ausnutzung der Sicherheitslücke wäre eine DOS (Denial of Servi…“)
 
 
(13 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
= Quelle =
+
= Source =
 
https://nvd.nist.gov/vuln/detail/CVE-2023-42503
 
https://nvd.nist.gov/vuln/detail/CVE-2023-42503
  
= Beschreibung vom CVE =
+
= Description of this CVE =
Durch die Ausnutzung der Sicherheitslücke wäre eine DOS (Denial of Service) Attacke auf das System möglich.
+
Through exploiting this security vulnerability a DOS (Denial of Service) attack may be possible on the system.
Allerdings nutzt keine unserer Applikation diese spezielle Funktion.
+
 
 +
Exploiting this weakness only works if a .tar file is read. Currently none of our applications uses this functionality.
 +
 
 +
= Affected Applications =
 +
''affected version = From which version onwards there is a need for action.''<br>
 +
''fixed version = Minimum version where the security vulnerability is fixed or not affected anymore.''<br>
 +
''not affected = This application is not affected and therefore there is no need for action.<br>
 +
''all versions = Every single version is affected. A need for action is required regardless of the version''
  
= Betroffene Applikationen =
 
''application name = Name der Applikation.''<br>
 
''affected version = Für welche Versionssände Handlungsbedarf besteht.''<br>
 
''fixed version = Mindestversionsstand, in welcher die Sicherheitslücke behoben / nicht betroffen ist.''<br><br>
 
''not affected = Diese Applikation ist von der Sicherheitslücke nicht betroffen. Es besteht kein Handlungsbedarf.''<br><br>
 
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
! application name !! affected version !! fixed version
+
! Application Name !! Affected Version !! Fixed Version
 
|-
 
|-
 
| CarrierAPI || not affected || not affected
 
| CarrierAPI || not affected || not affected
 
|-
 
|-
| ComManager || 1.2.11 or lower || 1.2.12
+
| ComManager || 1.2.12
 +
| 1.2.16
 
|-
 
|-
| DataGatewayServer V3 (DGS V3)<br>''alle Versionen 2.x.x sind ausgeschlossen'' || 3.8.15 or lower || 3.8.16
+
| DataGatewayServer V3 (DGS V3)<br>''all versions 2.x.x are excluded''|| 3.8.14 or higher
 +
| 3.8.27
 
|-
 
|-
| FileConverter || not affected || not affected
+
| FileConverter || ||  
 
|-
 
|-
| FileMoveService || not affected || not affected
+
| FileMoveService || ||  
 
|-
 
|-
| GLSBoxService || not affected || not affected
+
| GLSBoxService || ||  
 
|-
 
|-
| HFMS (Tarifwerk) || 1.8.12 or lower || 1.8.13
+
| HFMS (Tarifwerk) || 1.8.9 or higher || 1.9.0
 
|-
 
|-
| HVS32AMAService || not affected || not affected
+
| HVS32AMAService || 1.3.6 or higher
 +
| 1.3.8
 
|-
 
|-
| HVS32DBArchivierung || not affected || not affected
+
| HVS32DBArchivierung || all versions || 4.6.8
 
|-
 
|-
| HVS32MonitoringService || not affected || not affected
+
| HVS32MonitoringService || 1.4.11 or higher
 +
| 1.4.13
 
|-
 
|-
| HVS32MonitoringServiceLight || not affected || not affected
+
| HVS32MonitoringServiceLight || 1.5.8 or higher
 +
| 1.5.10
 
|-
 
|-
| IRIS || 1.0.9 or lower || 1.0.10
+
| IRIS || all versions || 1.1.2
 
|-
 
|-
| Leitcode || 3.3.6 or lower || 3.3.7
+
| Leitcode || ||  
 
|-
 
|-
| ScaleService || 2.2.3 or lower || 2.2.4
+
| ScaleService || all versions || 2.2.6
 
|-
 
|-
| SEM-Manager || 1.5.6 or lower || 1.5.7
+
| SEM-Manager || all versions || 1.6.3
 
|-
 
|-
| SEM-Web || 1.5.6 or lower || 1.5.7
+
| SEM-Web || all versions || 1.6.1
 
|-
 
|-
| Verladefreigabe || 2.2.3 or lower || 2.2.4
+
| Verladefreigabe || all versions || 2.2.5
 
|-
 
|-
| WatchLog || 1.2.2 or lower || 1.2.3
+
| WatchLog || ||  
 
|}
 
|}

Aktuelle Version vom 10. Oktober 2023, 09:13 Uhr

Source

Description of this CVE

Through exploiting this security vulnerability a DOS (Denial of Service) attack may be possible on the system.

Exploiting this weakness only works if a .tar file is read. Currently none of our applications uses this functionality.

Affected Applications

affected version = From which version onwards there is a need for action.
fixed version = Minimum version where the security vulnerability is fixed or not affected anymore.
not affected = This application is not affected and therefore there is no need for action.
 all versions = Every single version is affected. A need for action is required regardless of the version

Application Name Affected Version Fixed Version
CarrierAPI not affected not affected
ComManager 1.2.12 1.2.16
DataGatewayServer V3 (DGS V3)
all versions 2.x.x are excluded		 3.8.14 or higher 3.8.27
FileConverter
FileMoveService
GLSBoxService
HFMS (Tarifwerk) 1.8.9 or higher 1.9.0
HVS32AMAService 1.3.6 or higher 1.3.8
HVS32DBArchivierung all versions 4.6.8
HVS32MonitoringService 1.4.11 or higher 1.4.13
HVS32MonitoringServiceLight 1.5.8 or higher 1.5.10
IRIS all versions 1.1.2
Leitcode
ScaleService all versions 2.2.6
SEM-Manager all versions 1.6.3
SEM-Web all versions 1.6.1
Verladefreigabe all versions 2.2.5
WatchLog
Abgerufen von „https://wiki.heidler-strichcode.de/w/index.php?title=CVE-2023-42503&oldid=5336