Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2024-1874-1.NASL
HistoryJun 01, 2024 - 12:00 a.m.

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Java (SUSE-SU-2024:1874-1)

2024-06-0100:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
suse linux
java update
apiguardian
assertj-core
byte-buddy
dom4j
hamcrest
junit5

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1874-1 advisory.

This update for Java fixes thefollowing issues:

apiguardian was updated to vesion 1.1.2:

- Added LICENSE/NOTICE to the generated jar
- Allow @API to be declared at the package level
- Explain usage of Status.DEPRECATED
- Include OSGi metadata in manifest

assertj-core was implemented at version 3.25.3:

- New package implementation needed by Junit5

byte-buddy was updated to version v1.14.16:

- `byte-buddy` is required by `assertj-core`
- Changes in version v1.14.16:

  * Update ASM and introduce support for Java 23.

- Changes in version v1.14.15:

  * Allow attaching from root on J9.

- Changes of v1.14.14:

  * Adjust type validation to accept additional names that are         legal in the class file format.
  * Fix dynamic attach on Windows when a service user is active.
  * Avoid failure when using Android's strict mode.

dom4j was updated to version 2.1.4:

- Improvements and potentially breaking changes:

  * Added new factory method org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new     SAXReader(),         which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser().
  * If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an     explicit         dependency on it in your project. They are no longer marked as a mandatory transitive dependency by     dom4j.
  * Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons     (they were         enabled in previous versions):

    + http://xml.org/sax/properties/external-general-entities         + http://xml.org/sax/properties/external-parameter-entities

- Other changes:

  * Do not depend on jtidy, since it is not used during build
  * Fixed license to Plexus
  * JPMS: Add the Automatic-Module-Name attribute to the manifest.
  * Make a separate flavour for a minimal `dom4j-bootstrap` package used to build `jaxen` and full `dom4j`
  * Updated pull-parser version
  * Reuse the writeAttribute method in writeAttributes
  * Support build on OS with non-UTF8 as default charset
  * Gradle: add an automatic module name
  * Use Correct License Name 'Plexus'
  * Possible vulnerability of DocumentHelper.parseText() to XML injection
  * CVS directories left in the source tree
  * XMLWriter does not escape supplementary unicode characters correctly
  * writer.writeOpen(x) doesn't write namespaces
  * Fixed concurrency problem with QNameCache
  * All dependencies are optional
  * SAXReader: hardcoded namespace features
  * Validate QNames
  * StringIndexOutOfBoundsException in XMLWriter.writeElementContent()
  * TreeNode has grown some generics
  * QName serialization fix
  * DocumentException initialize with nested exception
  * Accidentally occurring error in a multi-threaded test
  * Added compatibility with W3C DOM Level 3
  * Use Java generics

hamcrest:

-  `hamcrest-core` has been replaced by `hamcrest` (no source changes)

junit had the following change:

- Require hamcrest >= 2.2

junit5 was updated to version 5.10.2:

- Conditional execution based on OS architectures
- Configurable cleanup mode for @TempDir
- Configurable thread mode for @Timeout
- Custom class loader support for class/method selectors, @MethodSource, @EnabledIf, and @DisabledIf
- Dry-run mode for test execution
- Failure threshold for @RepeatedTest
- Fixed build with the latest open-test-reporting milestone
- Fixed dependencies in module-info.java files
- Fixed unreported exception error that is fatal with JDK 21
- Improved configurability of parallel execution
- New @SelectMethod support in test @Suite classes.
- New ConsoleLauncher subcommand for test discovery without execution
- New convenience base classes for implementing ArgumentsProvider and ArgumentConverter
- New IterationSelector
- New LauncherInterceptor SPI
- New NamespacedHierarchicalStore for use in third-party test engines
- New TempDirFactory SPI for customizing how temporary directories are created
- New testfeed details mode for ConsoleLauncher
- New TestInstancePreConstructCallback extension API
- Numerous bug fixes and minor improvements
- Parameter injection for @MethodSource methods
- Promotion of various experimental APIs to stable
- Reusable parameter resolution for custom extension methods via ExecutableInvoker
- Stacktrace pruning to hide internal JUnit calls
- The binaries are compatible with java 1.8
- Various improvements to ConsoleLauncher
- XML reports in new Open Test Reporting format

jdom:

- Security issues fixed:

  * CVE-2021-33813: Fixed an XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a     denial of service         via a crafted HTTP request (bsc#1187446)

- Other changes and bugs fixed:

  * Fixed wrong entries in changelog (bsc#1224410)
  * The packages `jaxen`, `saxpath` and `xom` are now separate standalone packages instead of being part     of `jdom`

jaxen was implemented at version 2.0.0:

- New standalone RPM package implementation, originally part of `jdom` source package
- Classpaths are much smaller and less complex, and will suppress a lot of noise from static analysis     tools.
- The Jaxen core code is also a little smaller and has fixed a few minor bugs in XPath evaluation
- Despite the major version bump, this should be a drop in replacement for almost every project.
  The two major possible incompatibilities are:

  * The minimum supported Java version is now 1.5, up from 1.4 in 1.2.0 and 1.3 in 1.1.6.
  * dom4j, XOM, and JDOM are now optional dependencies so if a project was depending on them to be loaded     transitively         it will need to add explicit dependencies to build.

jopt-simple:

- Included jopt-simple to Package Hub 15 SP5 (no source changes)

objectweb-asm was updated to version 9.7:

- New Opcodes.V23 constant for Java 23
- Bugs fixed
  * Fixed unit test regression in dex2jar.
  * Fixed 'ClassNode#outerClass' with incorrect JavaDocs.
  * asm-bom packaging should be 'pom'.
  * The Textifier prints a supplementary space at the end of each method that throws at least one     exception.


open-test-reporting:

- Included `open-test-reporting-events` and `open-test-reporting-schema` to the channels as they are     runtime       dependencies of Junit5 (no source changes)

saxpath was implemented at version 1.0 FCS:

- New standalone RPM package implementation, originally part of `jdom` source package (openSUSE Leap 15.5     package only)

xom was implemented at version 1.3.9:

- New standalone RPM package implementation, originally part of `jdom` source package
- The Nodes and Elements classes are iterable so you can use the enhanced for loop syntax on instances of     these classes.
- The copy() method is now covariant.
- Adds Automatic-Moduole-Name to jar
- Remove direct dependency on xml-apis:xml-apis artifact since these classes are now available in the core     runtime.
- Eliminate usage of com.sun classes to make XOM compatible with JDK 16.
- Replace remaining usages of StringBuffer with StringBuilder to slightly improve performance.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2024:1874-1. The text itself
# is copyright (C) SUSE.
##

include('compat.inc');

if (description)
{
  script_id(198282);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");

  script_cve_id("CVE-2021-33813");
  script_xref(name:"SuSE", value:"SUSE-SU-2024:1874-1");

  script_name(english:"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Java (SUSE-SU-2024:1874-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are
affected by a vulnerability as referenced in the SUSE-SU-2024:1874-1 advisory.

    This update for Java fixes thefollowing issues:

    apiguardian was updated to vesion 1.1.2:

    - Added LICENSE/NOTICE to the generated jar
    - Allow @API to be declared at the package level
    - Explain usage of Status.DEPRECATED
    - Include OSGi metadata in manifest

    assertj-core was implemented at version 3.25.3:

    - New package implementation needed by Junit5

    byte-buddy was updated to version v1.14.16:

    - `byte-buddy` is required by `assertj-core`
    - Changes in version v1.14.16:

      * Update ASM and introduce support for Java 23.

    - Changes in version v1.14.15:

      * Allow attaching from root on J9.

    - Changes of v1.14.14:

      * Adjust type validation to accept additional names that are
        legal in the class file format.
      * Fix dynamic attach on Windows when a service user is active.
      * Avoid failure when using Android's strict mode.

    dom4j was updated to version 2.1.4:

    - Improvements and potentially breaking changes:

      * Added new factory method org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new
    SAXReader(),
        which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser().
      * If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an
    explicit
        dependency on it in your project. They are no longer marked as a mandatory transitive dependency by
    dom4j.
      * Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons
    (they were
        enabled in previous versions):

        + http://xml.org/sax/properties/external-general-entities
        + http://xml.org/sax/properties/external-parameter-entities

    - Other changes:

      * Do not depend on jtidy, since it is not used during build
      * Fixed license to Plexus
      * JPMS: Add the Automatic-Module-Name attribute to the manifest.
      * Make a separate flavour for a minimal `dom4j-bootstrap` package used to build `jaxen` and full `dom4j`
      * Updated pull-parser version
      * Reuse the writeAttribute method in writeAttributes
      * Support build on OS with non-UTF8 as default charset
      * Gradle: add an automatic module name
      * Use Correct License Name 'Plexus'
      * Possible vulnerability of DocumentHelper.parseText() to XML injection
      * CVS directories left in the source tree
      * XMLWriter does not escape supplementary unicode characters correctly
      * writer.writeOpen(x) doesn't write namespaces
      * Fixed concurrency problem with QNameCache
      * All dependencies are optional
      * SAXReader: hardcoded namespace features
      * Validate QNames
      * StringIndexOutOfBoundsException in XMLWriter.writeElementContent()
      * TreeNode has grown some generics
      * QName serialization fix
      * DocumentException initialize with nested exception
      * Accidentally occurring error in a multi-threaded test
      * Added compatibility with W3C DOM Level 3
      * Use Java generics

    hamcrest:

    -  `hamcrest-core` has been replaced by `hamcrest` (no source changes)

    junit had the following change:

    - Require hamcrest >= 2.2

    junit5 was updated to version 5.10.2:

    - Conditional execution based on OS architectures
    - Configurable cleanup mode for @TempDir
    - Configurable thread mode for @Timeout
    - Custom class loader support for class/method selectors, @MethodSource, @EnabledIf, and @DisabledIf
    - Dry-run mode for test execution
    - Failure threshold for @RepeatedTest
    - Fixed build with the latest open-test-reporting milestone
    - Fixed dependencies in module-info.java files
    - Fixed unreported exception error that is fatal with JDK 21
    - Improved configurability of parallel execution
    - New @SelectMethod support in test @Suite classes.
    - New ConsoleLauncher subcommand for test discovery without execution
    - New convenience base classes for implementing ArgumentsProvider and ArgumentConverter
    - New IterationSelector
    - New LauncherInterceptor SPI
    - New NamespacedHierarchicalStore for use in third-party test engines
    - New TempDirFactory SPI for customizing how temporary directories are created
    - New testfeed details mode for ConsoleLauncher
    - New TestInstancePreConstructCallback extension API
    - Numerous bug fixes and minor improvements
    - Parameter injection for @MethodSource methods
    - Promotion of various experimental APIs to stable
    - Reusable parameter resolution for custom extension methods via ExecutableInvoker
    - Stacktrace pruning to hide internal JUnit calls
    - The binaries are compatible with java 1.8
    - Various improvements to ConsoleLauncher
    - XML reports in new Open Test Reporting format

    jdom:

    - Security issues fixed:

      * CVE-2021-33813: Fixed an XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a
    denial of service
        via a crafted HTTP request (bsc#1187446)

    - Other changes and bugs fixed:

      * Fixed wrong entries in changelog (bsc#1224410)
      * The packages `jaxen`, `saxpath` and `xom` are now separate standalone packages instead of being part
    of `jdom`

    jaxen was implemented at version 2.0.0:

    - New standalone RPM package implementation, originally part of `jdom` source package
    - Classpaths are much smaller and less complex, and will suppress a lot of noise from static analysis
    tools.
    - The Jaxen core code is also a little smaller and has fixed a few minor bugs in XPath evaluation
    - Despite the major version bump, this should be a drop in replacement for almost every project.
      The two major possible incompatibilities are:

      * The minimum supported Java version is now 1.5, up from 1.4 in 1.2.0 and 1.3 in 1.1.6.
      * dom4j, XOM, and JDOM are now optional dependencies so if a project was depending on them to be loaded
    transitively
        it will need to add explicit dependencies to build.

    jopt-simple:

    - Included jopt-simple to Package Hub 15 SP5 (no source changes)

    objectweb-asm was updated to version 9.7:

    - New Opcodes.V23 constant for Java 23
    - Bugs fixed
      * Fixed unit test regression in dex2jar.
      * Fixed 'ClassNode#outerClass' with incorrect JavaDocs.
      * asm-bom packaging should be 'pom'.
      * The Textifier prints a supplementary space at the end of each method that throws at least one
    exception.


    open-test-reporting:

    - Included `open-test-reporting-events` and `open-test-reporting-schema` to the channels as they are
    runtime
      dependencies of Junit5 (no source changes)

    saxpath was implemented at version 1.0 FCS:

    - New standalone RPM package implementation, originally part of `jdom` source package (openSUSE Leap 15.5
    package only)

    xom was implemented at version 1.3.9:

    - New standalone RPM package implementation, originally part of `jdom` source package
    - The Nodes and Elements classes are iterable so you can use the enhanced for loop syntax on instances of
    these classes.
    - The copy() method is now covariant.
    - Adds Automatic-Moduole-Name to jar
    - Remove direct dependency on xml-apis:xml-apis artifact since these classes are now available in the core
    runtime.
    - Eliminate usage of com.sun classes to make XOM compatible with JDK 16.
    - Replace remaining usages of StringBuffer with StringBuilder to slightly improve performance.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187446");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1224410");
  script_set_attribute(attribute:"see_also", value:"https://lists.suse.com/pipermail/sle-updates/2024-May/035436.html");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-33813");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-33813");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/05/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apiguardian");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:assertj-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:byte-buddy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dom4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:hamcrest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:jaxen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:jdom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:jopt-simple");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:junit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:junit5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:junit5-minimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:objectweb-asm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:open-test-reporting-events");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:open-test-reporting-schema");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xom");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES|SUSE)") audit(AUDIT_OS_NOT, "SUSE / openSUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+|SUSE([\d.]+))", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15|SUSE15\.5|SUSE15\.6)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLED15" && (! preg(pattern:"^(5|6)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED15 SP5/6", os_ver + " SP" + service_pack);
if (os_ver == "SLED_SAP15" && (! preg(pattern:"^(5|6)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED_SAP15 SP5/6", os_ver + " SP" + service_pack);
if (os_ver == "SLES15" && (! preg(pattern:"^(2|3|4|5|6)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP2/3/4/5/6", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(2|3|4|5|6)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP2/3/4/5/6", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'6', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'6', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'6', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'6', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'6', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'6', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'6', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'6', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'6', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'6', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'6', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'6', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'6', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'6', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.6']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4', 'SUSE-Manager-Server-release-4.3']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4', 'SUSE-Manager-Server-release-4.3']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4', 'SUSE-Manager-Server-release-4.3']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4', 'SUSE-Manager-Server-release-4.3']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'6', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'6', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'6', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'6', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'6', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'6', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-basesystem-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-basesystem-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'6', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.6', 'sle-module-development-tools-release-15.6', 'sled-release-15.6', 'sles-release-15.6']},
    {'reference':'apiguardian-1.1.2-150200.3.10.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'apiguardian-javadoc-1.1.2-150200.3.10.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'assertj-core-3.25.3-150200.5.4.3', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'byte-buddy-1.14.16-150200.5.7.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'dom4j-demo-2.1.4-150200.12.10.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'dom4j-javadoc-2.1.4-150200.12.10.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'hamcrest-javadoc-2.2-150200.12.17.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jopt-simple-5.0.4-150200.3.4.3', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'jopt-simple-javadoc-5.0.4-150200.3.4.3', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'junit-javadoc-4.13.2-150200.3.15.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'junit-manual-4.13.2-150200.3.15.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'junit5-5.10.2-150200.3.10.3', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'junit5-bom-5.10.2-150200.3.10.3', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'junit5-guide-5.10.2-150200.3.10.3', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'junit5-javadoc-5.10.2-150200.3.10.3', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'junit5-minimal-5.10.2-150200.3.10.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'objectweb-asm-javadoc-9.7-150200.3.15.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'open-test-reporting-events-0.1.0~M2-150200.5.7.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'open-test-reporting-schema-0.1.0~M2-150200.5.7.2', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'saxpath-1.0-150200.5.3.3', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
    {'reference':'apiguardian-1.1.2-150200.3.10.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'apiguardian-javadoc-1.1.2-150200.3.10.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'assertj-core-3.25.3-150200.5.4.3', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'byte-buddy-1.14.16-150200.5.7.1', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'dom4j-2.1.4-150200.12.10.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'dom4j-demo-2.1.4-150200.12.10.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'dom4j-javadoc-2.1.4-150200.12.10.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'hamcrest-2.2-150200.12.17.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'hamcrest-javadoc-2.2-150200.12.17.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'jaxen-2.0.0-150200.5.3.1', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'jdom-1.1.3-150200.12.8.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'jopt-simple-5.0.4-150200.3.4.3', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'jopt-simple-javadoc-5.0.4-150200.3.4.3', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'junit-4.13.2-150200.3.15.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'junit-javadoc-4.13.2-150200.3.15.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'junit-manual-4.13.2-150200.3.15.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'junit5-5.10.2-150200.3.10.3', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'junit5-bom-5.10.2-150200.3.10.3', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'junit5-guide-5.10.2-150200.3.10.3', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'junit5-javadoc-5.10.2-150200.3.10.3', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'junit5-minimal-5.10.2-150200.3.10.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'objectweb-asm-9.7-150200.3.15.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'objectweb-asm-javadoc-9.7-150200.3.15.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'open-test-reporting-events-0.1.0~M2-150200.5.7.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'open-test-reporting-schema-0.1.0~M2-150200.5.7.2', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'saxpath-1.0-150200.5.3.3', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'xom-1.3.9-150200.5.3.3', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'apiguardian-1.1.2-150200.3.10.2', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-packagehub-subpackages-release-15.6']},
    {'reference':'assertj-core-3.25.3-150200.5.4.3', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-packagehub-subpackages-release-15.6']},
    {'reference':'byte-buddy-1.14.16-150200.5.7.1', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-packagehub-subpackages-release-15.6']},
    {'reference':'jopt-simple-5.0.4-150200.3.4.3', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-packagehub-subpackages-release-15.6']},
    {'reference':'junit5-5.10.2-150200.3.10.3', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-packagehub-subpackages-release-15.6']},
    {'reference':'junit5-minimal-5.10.2-150200.3.10.2', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-packagehub-subpackages-release-15.6']},
    {'reference':'open-test-reporting-events-0.1.0~M2-150200.5.7.2', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-packagehub-subpackages-release-15.6']},
    {'reference':'open-test-reporting-schema-0.1.0~M2-150200.5.7.2', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-packagehub-subpackages-release-15.6']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  var ltss_plugin_caveat = NULL;
  if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in SUSE Enterprise Linux Server LTSS\n' +
    'repositories. Access to these package security updates require\n' +
    'a paid SUSE LTSS subscription.\n';
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + ltss_plugin_caveat
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apiguardian / apiguardian-javadoc / assertj-core / byte-buddy / etc');
}
VendorProductVersionCPE
novellsuse_linuxjdomp-cpe:/a:novell:suse_linux:jdom
novellsuse_linuxbyte-buddyp-cpe:/a:novell:suse_linux:byte-buddy
novellsuse_linuxassertj-corep-cpe:/a:novell:suse_linux:assertj-core
novellsuse_linuxopen-test-reporting-eventsp-cpe:/a:novell:suse_linux:open-test-reporting-events
novellsuse_linuxobjectweb-asmp-cpe:/a:novell:suse_linux:objectweb-asm
novellsuse_linuxjunitp-cpe:/a:novell:suse_linux:junit
novellsuse_linuxjunit5-minimalp-cpe:/a:novell:suse_linux:junit5-minimal
novellsuse_linuxdom4jp-cpe:/a:novell:suse_linux:dom4j
novellsuse_linuxxomp-cpe:/a:novell:suse_linux:xom
novellsuse_linuxhamcrestp-cpe:/a:novell:suse_linux:hamcrest
Rows per page:
1-10 of 161

Related

debian 2
nvd 1
openvas 14
ibm 25
suse 2
nessus 17
osv 5
ubuntucve 1
fedora 2
mageia 1
github 1
prion 1
redhatcve 1
debiancve 1
veracode 1
cve 1
amazon 1
cvelist 1
redhat 4
oracle 4
debian
debian
[SECURITY] [DLA 2696-1] libjdom2-java security update
2021-06-29 11:12:40
[SECURITY] [DLA 2712-1] libjdom1-java security update
2021-07-20 10:39:30
nvd
nvd
CVE-2021-33813
2021-06-16 12:15:12
openvas
openvas
Fedora: Security Advisory for jdom (FEDORA-2021-f88d2dcc47)
2021-10-30 00:00:00
openSUSE: Security Advisory for Java (SUSE-SU-2024:1874-1)
2024-06-05 00:00:00
openSUSE: Security Advisory for jdom2 (openSUSE-SU-2021:2293-1)
2021-07-13 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in jdom affects IBM Common Licensing's Administration And Reporting Tool (ART) (CVE-2021-33813)
2023-01-30 09:38:02
Security Bulletin: XML External Entity injection vulnerability in jdom may affect custom apps in IBM Business Automation Workflow - CVE-2021-33813
2023-09-01 19:47:47
Security Bulletin: A vulnerability in JDOM affects IBM Engineering Lifecycle Optimization - Publishing
2023-10-04 08:04:20
suse
suse
Security update for jdom2 (important)
2021-07-13 00:00:00
Security update for jdom2 (important)
2021-07-12 00:00:00
nessus
nessus
Debian DLA-2712-1 : libjdom1-java - LTS security update
2021-07-20 00:00:00
Amazon Linux 2023 : jdom, jdom-demo, jdom-javadoc (ALAS2023-2023-014)
2023-03-21 00:00:00
openSUSE 15 Security Update : jdom2 (openSUSE-SU-2021:2293-1)
2021-07-16 00:00:00
osv
osv
BIT-solr-2021-33813
2024-03-06 11:06:10
CVE-2021-33813
2021-06-16 12:15:12
XML External Entity (XXE) Injection in JDOM
2021-07-27 19:02:56
ubuntucve
ubuntucve
CVE-2021-33813
2021-06-16 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: jdom-1.1.3-27.fc35
2021-10-29 23:26:25
[SECURITY] Fedora 35 Update: jdom2-2.0.6-24.fc35
2021-10-29 23:26:20
mageia
mageia
Updated jdom/jdom2 packages fix a security vulnerability
2021-07-27 23:21:53
github
github
XML External Entity (XXE) Injection in JDOM
2021-07-27 19:02:56
prion
prion
Cross site request forgery (csrf)
2021-06-16 12:15:00
redhatcve
redhatcve
CVE-2021-33813
2021-06-17 19:27:10
debiancve
debiancve
CVE-2021-33813
2021-06-16 12:15:12
veracode
veracode
XML External Entity (XXE)
2021-06-21 13:01:44
cve
cve
CVE-2021-33813
2021-06-16 12:15:12
amazon
amazon
Medium: jdom
2023-05-11 17:49:00
cvelist
cvelist
CVE-2021-33813
2021-06-16 11:18:14
redhat
redhat
(RHSA-2022:1110) Moderate: Red Hat Decision Manager 7.12.1 security update
2022-03-29 13:12:15
(RHSA-2022:1108) Moderate: Red Hat Process Automation Manager 7.12.1 security update
2022-03-29 12:57:02
(RHSA-2022:1029) Important: Red Hat Integration Camel-K 1.6.4 release and security update
2022-03-23 08:18:30
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON
Related for SUSE_SU-2024-1874-1.NASL
debian2nvd1openvas14ibm25suse2nessus17osv5ubuntucve1fedora2mageia1github1prion1redhatcve1debiancve1veracode1cve1amazon1cvelist1redhat4oracle4