{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "MISP ist eine Open-Source-Plattform für den Informationsaustausch über Bedrohungen.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in MISP ausnutzen, um Sicherheitsmechanismen zu umgehen, um Daten offenzulegen, zu manipulieren oder zu löschen, um Benutzer zu täuschen und um Benutzerkonten zu manipulieren", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- UNIX", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1800 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1800.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1800 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1800" }, { "category" : "external", "summary" : "MISP Pull Requests vom 2026-06-04", "url" : "https://github.com/MISP/MISP/pulls" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-3636-3MQQ-Q7X9 vom 2026-06-04", "url" : "https://github.com/advisories/GHSA-3636-3MQQ-Q7X9" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-243V-5F97-VFQ3 vom 2026-06-04", "url" : "https://github.com/advisories/GHSA-243V-5F97-VFQ3" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-RX96-8W86-5HHH vom 2026-06-04", "url" : "https://github.com/advisories/GHSA-RX96-8W86-5HHH" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-MQM2-JJX4-44GX vom 2026-06-04", "url" : "https://github.com/advisories/GHSA-MQM2-JJX4-44GX" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-9GJJ-GMCX-6FHJ vom 2026-06-04", "url" : "https://github.com/advisories/GHSA-9GJJ-GMCX-6FHJ" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-FPXH-9966-H5G3 vom 2026-06-04", "url" : "https://github.com/advisories/GHSA-FPXH-9966-H5G3" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-h7wj-m45x-884x vom 2026-06-04", "url" : "https://github.com/advisories/GHSA-h7wj-m45x-884x" } ], "source_lang" : "en-US", "title" : "MISP: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-06-04T22:00:00.000+00:00", "generator" : { "date" : "2026-06-05T11:07:25.024+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.6.0" } }, "id" : "WID-SEC-W-2026-1800", "initial_release_date" : "2026-06-04T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-06-04T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Open Source MISP", "product" : { "name" : "Open Source MISP", "product_id" : "T051330", "product_identification_helper" : { "cpe" : "cpe:/a:misp:misp:-" } } } ], "category" : "vendor", "name" : "Open Source" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-10854", "product_status" : { "known_affected" : [ "T051330" ] }, "release_date" : "2026-06-04T22:00:00.000+00:00", "title" : "CVE-2026-10854" }, { "cve" : "CVE-2026-10855", "product_status" : { "known_affected" : [ "T051330" ] }, "release_date" : "2026-06-04T22:00:00.000+00:00", "title" : "CVE-2026-10855" }, { "cve" : "CVE-2026-10856", "product_status" : { "known_affected" : [ "T051330" ] }, "release_date" : "2026-06-04T22:00:00.000+00:00", "title" : "CVE-2026-10856" }, { "cve" : "CVE-2026-10860", "product_status" : { "known_affected" : [ "T051330" ] }, "release_date" : "2026-06-04T22:00:00.000+00:00", "title" : "CVE-2026-10860" }, { "cve" : "CVE-2026-10861", "product_status" : { "known_affected" : [ "T051330" ] }, "release_date" : "2026-06-04T22:00:00.000+00:00", "title" : "CVE-2026-10861" }, { "cve" : "CVE-2026-10864", "product_status" : { "known_affected" : [ "T051330" ] }, "release_date" : "2026-06-04T22:00:00.000+00:00", "title" : "CVE-2026-10864" }, { "cve" : "CVE-2026-10868", "product_status" : { "known_affected" : [ "T051330" ] }, "release_date" : "2026-06-04T22:00:00.000+00:00", "title" : "CVE-2026-10868" } ] }