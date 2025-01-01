CVE and CVSS details information is presented in the following format:

CVEID: CVE-XXXX-XXXX (where XXXX-XXXX represents an assigned CVE ID)

Description

CWE

CVSS Source

CVSS Base Score: X.X

CVSS Vector: (CVSS:3.1/AV:X/AC:X/PR:X/UI:X/S:X/C:X/I:X/A:X)



The information represented by this format is as follows:



CVEID: The assigned CVE identifier presented as a hotlink to the associated NIST NVD CVE information web page.

Description: A high-level description of the vulnerability. IBM does not intend to provide vulnerability details that could enable someone to craft an exploit of the vulnerability.

CWE: Common Weakness Enumeration is a community-developed list of underlying conditions that are the root cause of vulnerabilities in software and hardware.

See the CWE list for more information and definitions of CWEs.

CVSS Source: The company or entity providing the Common Vulnerability Scoring System (CVSS) information. Sources: CISA-ADP, CVE Numbering Authority (CNA), NVD, X-Force.

CVSS Base Score: The CVSS score assigned to the CVE by IBM for IBM products or by CNA for non-IBM products. The score range is 0 – 10.



CVSS Vector: The CVSS Vector is a representation of the metric values used to score the vulnerability. The CVSS 3.1 Calculator provides details regarding the meaning of the vector string metrics.

Affected products and versions: The IBM products and their versions which are affected by the vulnerabilities identified in the security bulletin.



Remediation/fixes: Fix information and location by affected version.



Workarounds and Mitigations: Available usage or configuration changes.



References: Additional resources that may be useful when evaluating the security bulletin.



Related Information: Additional information and resources that may be useful when evaluating the security bulletin.