{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2014-9649","title":"Title"},{"category":"description","text":"Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2014-9649","url":"https://www.suse.com/security/cve/CVE-2014-9649"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 915325 for CVE-2014-9649","url":"https://bugzilla.suse.com/915325"},{"category":"external","summary":"SUSE Bug 915326 for CVE-2014-9649","url":"https://bugzilla.suse.com/915326"}],"title":"SUSE CVE CVE-2014-9649","tracking":{"current_release_date":"2025-10-08T00:18:18Z","generator":{"date":"2023-02-15T05:24:46Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2014-9649","initial_release_date":"2023-02-15T05:24:46Z","revision_history":[{"date":"2023-02-15T05:24:46Z","number":"2","summary":"Current version"},{"date":"2025-03-16T05:04:58Z","number":"3","summary":"Current version"},{"date":"2025-04-25T11:34:49Z","number":"4","summary":"Current version"},{"date":"2025-10-08T00:18:18Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Cloud 5","product":{"name":"SUSE Cloud 5","product_id":"SUSE Cloud 5","product_identification_helper":{"cpe":"cpe:/a:suse:suse-cloud:5"}}},{"category":"product_version","name":"rabbitmq-server","product":{"name":"rabbitmq-server","product_id":"rabbitmq-server","product_identification_helper":{"cpe":"cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/rabbitmq-server@?upstream=rabbitmq-server.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"rabbitmq-server as component of SUSE Cloud 2.0","product_id":"SUSE Cloud 2.0:rabbitmq-server"},"product_reference":"rabbitmq-server","relates_to_product_reference":"SUSE Cloud 2.0"},{"category":"default_component_of","full_product_name":{"name":"rabbitmq-server as component of SUSE Cloud 4","product_id":"SUSE Cloud 4:rabbitmq-server"},"product_reference":"rabbitmq-server","relates_to_product_reference":"SUSE Cloud 4"},{"category":"default_component_of","full_product_name":{"name":"rabbitmq-server as component of SUSE Cloud 4 Dependencies","product_id":"SUSE Cloud 4 Dependencies:rabbitmq-server"},"product_reference":"rabbitmq-server","relates_to_product_reference":"SUSE Cloud 4 Dependencies"},{"category":"default_component_of","full_product_name":{"name":"rabbitmq-server as component of SUSE Cloud 5","product_id":"SUSE Cloud 5:rabbitmq-server"},"product_reference":"rabbitmq-server","relates_to_product_reference":"SUSE Cloud 5"}]},"vulnerabilities":[{"cve":"CVE-2014-9649","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-9649"}],"notes":[{"category":"general","text":"Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Cloud 5:rabbitmq-server"]},"references":[{"category":"external","summary":"CVE-2014-9649","url":"https://www.suse.com/security/cve/CVE-2014-9649"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 915325 for CVE-2014-9649","url":"https://bugzilla.suse.com/915325"},{"category":"external","summary":"SUSE Bug 915326 for CVE-2014-9649","url":"https://bugzilla.suse.com/915326"}],"remediations":[{"category":"no_fix_planned","details":"There is no fix planned for these products.\n","product_ids":["SUSE Cloud 2.0:rabbitmq-server","SUSE Cloud 4:rabbitmq-server","SUSE Cloud 4 Dependencies:rabbitmq-server"]}],"threats":[{"category":"impact","date":"2015-01-27T17:56:07Z","details":"moderate"}],"title":"CVE-2014-9649"}]}