{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform für die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um einen Denial of Service Angriff durchzuführen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder Cross-Site-Scripting-Angriffe durchzuführen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Sonstiges\n- UNIX", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-0935 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0935.json" }, { "category" : "self", "summary" : "WID-SEC-2026-0935 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0935" }, { "category" : "external", "summary" : "Red Hat Security Advisory vom 2026-03-31", "url" : "https://access.redhat.com/errata/RHSA-2026:6308" }, { "category" : "external", "summary" : "Red Hat Security Advisory vom 2026-03-31", "url" : "https://access.redhat.com/errata/RHSA-2026:6309" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:6404 vom 2026-04-01", "url" : "https://access.redhat.com/errata/RHSA-2026:6404" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:6278 vom 2026-04-01", "url" : "https://access.redhat.com/errata/RHSA-2026:6278" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS2-2026-3215 vom 2026-04-01", "url" : "https://alas.aws.amazon.com/AL2/ALAS2-2026-3215.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2026:20929-1 vom 2026-04-01", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025088.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:5910 vom 2026-04-02", "url" : "https://access.redhat.com/errata/RHSA-2026:5910" } ], "source_lang" : "en-US", "title" : "Red Hat Ansible Automation Platform: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-04-01T22:00:00.000+00:00", "generator" : { "date" : "2026-04-02T10:44:13.293+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2026-0935", "initial_release_date" : "2026-03-31T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-03-31T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-04-01T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von Red Hat, Amazon und SUSE aufgenommen" } ], "status" : "final", "version" : "2" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Amazon Linux 2", "product" : { "name" : "Amazon Linux 2", "product_id" : "398363", "product_identification_helper" : { "cpe" : "cpe:/o:amazon:linux_2:-" } } } ], "category" : "vendor", "name" : "Amazon" }, { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<2.5", "product" : { "name" : "Red Hat Ansible Automation Platform <2.5", "product_id" : "T052317" } }, { "category" : "product_version", "name" : "2.5", "product" : { "name" : "Red Hat Ansible Automation Platform 2.5", "product_id" : "T052317-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5" } } }, { "category" : "product_version_range", "name" : "<2.6", "product" : { "name" : "Red Hat Ansible Automation Platform <2.6", "product_id" : "T052318" } }, { "category" : "product_version", "name" : "2.6", "product" : { "name" : "Red Hat Ansible Automation Platform 2.6", "product_id" : "T052318-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6" } } } ], "category" : "product_name", "name" : "Ansible Automation Platform" }, { "category" : "product_name", "name" : "Red Hat Enterprise Linux", "product" : { "name" : "Red Hat Enterprise Linux", "product_id" : "67646", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:-" } } } ], "category" : "vendor", "name" : "Red Hat" }, { "branches" : [ { "category" : "product_name", "name" : "SUSE Linux", "product" : { "name" : "SUSE Linux", "product_id" : "T002207", "product_identification_helper" : { "cpe" : "cpe:/o:suse:suse_linux:-" } } } ], "category" : "vendor", "name" : "SUSE" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2025-69223", "product_status" : { "known_affected" : [ "T002207", "67646", "T052317", "T052318", "398363" ] }, "release_date" : "2026-03-31T22:00:00.000+00:00", "title" : "CVE-2025-69223" }, { "cve" : "CVE-2025-69873", "product_status" : { "known_affected" : [ "T002207", "67646", "T052317", "T052318", "398363" ] }, "release_date" : "2026-03-31T22:00:00.000+00:00", "title" : "CVE-2025-69873" }, { "cve" : "CVE-2026-25639", "product_status" : { "known_affected" : [ "T002207", "67646", "T052317", "T052318", "398363" ] }, "release_date" : "2026-03-31T22:00:00.000+00:00", "title" : "CVE-2026-25639" }, { "cve" : "CVE-2026-25990", "product_status" : { "known_affected" : [ "T002207", "67646", "T052317", "T052318", "398363" ] }, "release_date" : "2026-03-31T22:00:00.000+00:00", "title" : "CVE-2026-25990" }, { "cve" : "CVE-2026-29074", "product_status" : { "known_affected" : [ "T002207", "67646", "T052317", "T052318", "398363" ] }, "release_date" : "2026-03-31T22:00:00.000+00:00", "title" : "CVE-2026-29074" }, { "cve" : "CVE-2026-30827", "product_status" : { "known_affected" : [ "T002207", "67646", "T052317", "T052318", "398363" ] }, "release_date" : "2026-03-31T22:00:00.000+00:00", "title" : "CVE-2026-30827" }, { "cve" : "CVE-2026-30922", "product_status" : { "known_affected" : [ "T002207", "67646", "T052317", "T052318", "398363" ] }, "release_date" : "2026-03-31T22:00:00.000+00:00", "title" : "CVE-2026-30922" }, { "cve" : "CVE-2026-26007", "product_status" : { "known_affected" : [ "T002207", "67646", "T052317", "T052318", "398363" ] }, "release_date" : "2026-03-31T22:00:00.000+00:00", "title" : "CVE-2026-26007" }, { "cve" : "CVE-2026-1615", "product_status" : { "known_affected" : [ "T002207", "67646", "T052317", "T052318", "398363" ] }, "release_date" : "2026-03-31T22:00:00.000+00:00", "title" : "CVE-2026-1615" }, { "cve" : "CVE-2026-28498", "product_status" : { "known_affected" : [ "T002207", "67646", "T052317", "T052318", "398363" ] }, "release_date" : "2026-03-31T22:00:00.000+00:00", "title" : "CVE-2026-28498" }, { "cve" : "CVE-2026-28802", "product_status" : { "known_affected" : [ "T002207", "67646", "T052317", "T052318", "398363" ] }, "release_date" : "2026-03-31T22:00:00.000+00:00", "title" : "CVE-2026-28802" } ] }