{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"High"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https:/www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"aops-zeus security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for aops-zeus is now available for openEuler-22.03-LTS-SP1.",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"A host and user manager service which is the foundation of aops.\n\nSecurity Fix(es):\n\nIn aops-zeus software versions 1.2.0~1.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be executed on the remote host, which may cause the remote host system to crash, suffering serious consequences of security threats and losses.(CVE-2024-24899)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for aops-zeus is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"High",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"aops-zeus",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2024-1293",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1293"
			},
			{
				"summary":"CVE-2024-24899",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2024-24899&packageName=aops-zeus"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24899"
			},
			{
				"summary":"openEuler-SA-2024-1293 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-1293.json"
			}
		],
		"title":"An update for aops-zeus is now available for openEuler-22.03-LTS-SP1",
		"tracking":{
			"initial_release_date":"2024-03-15T09:13:15+08:00",
			"revision_history":[
				{
					"date":"2024-03-15T09:13:15+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				},
				{
					"date":"2024-10-31T09:13:15+08:00",
					"summary":"final",
					"number":"2.0.0"
				}
			],
			"generator":{
				"date":"2024-10-31T09:13:15+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2024-10-31T09:13:15+08:00",
			"id":"openEuler-SA-2024-1293",
			"version":"2.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"openEuler-22.03-LTS-SP1",
									"name":"openEuler-22.03-LTS-SP1"
								},
								"name":"openEuler-22.03-LTS-SP1",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"aops-zeus-v1.2.0-5.oe2203sp1.aarch64.rpm",
									"name":"aops-zeus-v1.2.0-5.oe2203sp1.aarch64.rpm"
								},
								"name":"aops-zeus-v1.2.0-5.oe2203sp1.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"aops-zeus-v1.2.0-5.oe2203sp1.src.rpm",
									"name":"aops-zeus-v1.2.0-5.oe2203sp1.src.rpm"
								},
								"name":"aops-zeus-v1.2.0-5.oe2203sp1.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
									},
									"product_id":"aops-zeus-v1.2.0-5.oe2203sp1.x86_64.rpm",
									"name":"aops-zeus-v1.2.0-5.oe2203sp1.x86_64.rpm"
								},
								"name":"aops-zeus-v1.2.0-5.oe2203sp1.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"aops-zeus-v1.2.0-5.oe2203sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.aarch64",
					"name":"aops-zeus-v1.2.0-5.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"aops-zeus-v1.2.0-5.oe2203sp1.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.src",
					"name":"aops-zeus-v1.2.0-5.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
				"product_reference":"aops-zeus-v1.2.0-5.oe2203sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.x86_64",
					"name":"aops-zeus-v1.2.0-5.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2024-24899",
			"notes":[
				{
					"text":"In aops-zeus software versions 1.2.0~1.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be executed on the remote host, which may cause the remote host system to crash, suffering serious consequences of security threats and losses.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.aarch64",
					"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.src",
					"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.aarch64",
						"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.src",
						"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.x86_64"
					],
					"details":"aops-zeus security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1293"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"HIGH",
						"baseScore":7.2,
						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.aarch64",
						"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.src",
						"openEuler-22.03-LTS-SP1:aops-zeus-v1.2.0-5.oe2203sp1.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"High",
					"category":"impact"
				}
			],
			"title":"CVE-2024-24899"
		}
	]
}