Vulnerabilities > CVE-2004-0947
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 | |
OS | 3 | |
OS | 1 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-652.NASL description Several vulnerabilities have been discovered in unarj, a non-free ARJ unarchive utility. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities : - CAN-2004-0947 A buffer overflow has been discovered when handling long file names contained in an archive. An attacker could create a specially crafted archive which could cause unarj to crash or possibly execute arbitrary code when being extracted by a victim. - CAN-2004-1027 A directory traversal vulnerability has been found so that an attacker could create a specially crafted archive which would create files in the parent directory when being extracted by a victim. When used recursively, this vulnerability could be used to overwrite critical system files and programs. last seen 2020-06-01 modified 2020-06-02 plugin id 16236 published 2005-01-25 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16236 title Debian DSA-652-1 : unarj - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-652. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(16236); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2004-0947", "CVE-2004-1027"); script_xref(name:"DSA", value:"652"); script_name(english:"Debian DSA-652-1 : unarj - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in unarj, a non-free ARJ unarchive utility. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities : - CAN-2004-0947 A buffer overflow has been discovered when handling long file names contained in an archive. An attacker could create a specially crafted archive which could cause unarj to crash or possibly execute arbitrary code when being extracted by a victim. - CAN-2004-1027 A directory traversal vulnerability has been found so that an attacker could create a specially crafted archive which would create files in the parent directory when being extracted by a victim. When used recursively, this vulnerability could be used to overwrite critical system files and programs." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=281922" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2005/dsa-652" ); script_set_attribute( attribute:"solution", value: "Upgrade the unarj package. For the stable distribution (woody) these problems have been fixed in version 2.43-3woody1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:unarj"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2005/01/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"unarj", reference:"2.43-3woody1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200411-29.NASL description The remote host is affected by the vulnerability described in GLSA-200411-29 (unarj: Long filenames buffer overflow and a path traversal vulnerability) unarj has a bounds checking vulnerability within the handling of long filenames in archives. It also fails to properly sanitize paths when extracting an archive (if the last seen 2020-06-01 modified 2020-06-02 plugin id 15777 published 2004-11-22 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15777 title GLSA-200411-29 : unarj: Long filenames buffer overflow and a path traversal vulnerability code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200411-29. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(15777); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2004-0947", "CVE-2004-1027"); script_xref(name:"GLSA", value:"200411-29"); script_name(english:"GLSA-200411-29 : unarj: Long filenames buffer overflow and a path traversal vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200411-29 (unarj: Long filenames buffer overflow and a path traversal vulnerability) unarj has a bounds checking vulnerability within the handling of long filenames in archives. It also fails to properly sanitize paths when extracting an archive (if the 'x' option is used to preserve paths). Impact : An attacker could trigger a buffer overflow or a path traversal by enticing a user to open an archive containing specially crafted path names, potentially resulting in the overwrite of files or execution of arbitrary code with the permissions of the user running unarj. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200411-29" ); script_set_attribute( attribute:"solution", value: "All unarj users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-arch/unarj-2.63a-r2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:unarj"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/11/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/22"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-arch/unarj", unaffected:make_list("ge 2.63a-r2"), vulnerable:make_list("lt 2.63a-r2"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unarj"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2004-414.NASL description A buffer overflow bug has been discovered in unarj when handling long file names contained in an archive. An attacker could create an archive with a specially crafted path which could cause unarj to crash or execute arbitrary instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0947 to this issue. Additionally, a path traversal vulnerability exists in unarj which allows an attacker to extract files to the parent ( last seen 2020-06-01 modified 2020-06-02 plugin id 62247 published 2012-09-24 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62247 title Fedora Core 2 : unarj-2.63a-7 (2004-414) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2004-414. # include("compat.inc"); if (description) { script_id(62247); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_cve_id("CVE-2004-0947"); script_xref(name:"FEDORA", value:"2004-414"); script_name(english:"Fedora Core 2 : unarj-2.63a-7 (2004-414)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "A buffer overflow bug has been discovered in unarj when handling long file names contained in an archive. An attacker could create an archive with a specially crafted path which could cause unarj to crash or execute arbitrary instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0947 to this issue. Additionally, a path traversal vulnerability exists in unarj which allows an attacker to extract files to the parent ('..') directory. When used recursively, this vulnerability can be used to overwrite critical system files and programs. Users of unarj are advised to upgrade to these packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2004-November/000393.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d089fdde" ); script_set_attribute(attribute:"solution", value:"Update the affected unarj package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:unarj"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/11/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC2", reference:"unarj-2.63a-7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unarj"); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A163BAFF3FE111D9A9E70001020EED82.NASL description Ludwig Nussel has discovered a buffer overflow vulnerability in unarj last seen 2020-06-01 modified 2020-06-02 plugin id 19053 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19053 title FreeBSD : unarj -- long filename buffer overflow (a163baff-3fe1-11d9-a9e7-0001020eed82) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(19053); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:36"); script_cve_id("CVE-2004-0947"); script_bugtraq_id(11665); script_name(english:"FreeBSD : unarj -- long filename buffer overflow (a163baff-3fe1-11d9-a9e7-0001020eed82)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Ludwig Nussel has discovered a buffer overflow vulnerability in unarj's handling of long filenames which could potentially lead to execution of arbitrary code with the permissions of the user running unarj." ); # https://vuxml.freebsd.org/freebsd/a163baff-3fe1-11d9-a9e7-0001020eed82.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5e56d3cb" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:unarj"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/09"); script_set_attribute(attribute:"patch_publication_date", value:"2004/11/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"unarj<2.43_2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE9_9523.NASL description A directory traversal bug was spotted in the unarj program (CVE-2004-0947). Additionaly SUSE Security audited unarj and found several buffer overflows which are also fixed by this update. last seen 2020-06-01 modified 2020-06-02 plugin id 41339 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41339 title SuSE9 Security Update : unarj (YOU Patch Number 9523) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41339); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:27"); script_cve_id("CVE-2004-0947"); script_name(english:"SuSE9 Security Update : unarj (YOU Patch Number 9523)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "A directory traversal bug was spotted in the unarj program (CVE-2004-0947). Additionaly SUSE Security audited unarj and found several buffer overflows which are also fixed by this update." ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2004-0947/" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 9523."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"unarj-2.65-131.6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-007.NASL description An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available. The unarj program is an archiving utility which can extract ARJ-compatible archives. A buffer overflow bug was discovered in unarj when handling long file names contained in an archive. An attacker could create a specially crafted archive which could cause unarj to crash or possibly execute arbitrary code when extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0947 to this issue. Additionally, a path traversal vulnerability was discovered in unarj. An attacker could create a specially crafted archive which would create files in the parent ( last seen 2020-06-01 modified 2020-06-02 plugin id 16145 published 2005-01-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16145 title RHEL 2.1 : unarj (RHSA-2005:007)
Redhat
advisories |
|
References
- http://lwn.net/Articles/121827/
- http://lwn.net/Articles/121827/
- http://www.debian.org/security/2005/dsa-652
- http://www.debian.org/security/2005/dsa-652
- http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml
- http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml
- http://www.redhat.com/support/errata/RHSA-2005-007.html
- http://www.redhat.com/support/errata/RHSA-2005-007.html
- http://www.securityfocus.com/bid/11665
- http://www.securityfocus.com/bid/11665
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18044
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18044