Merge pull request #3550 from CVEProject/int

jdaigneau5 · web-flow · commit 1b9bec687b3e · 2025-04-29T15:20:02.000-04:00
4/29/25 Release: INT to MAIN
diff --git a/src/assets/data/CNAsList.json b/src/assets/data/CNAsList.json
@@ -7335,7 +7335,7 @@
       "advisories": [
         {
           "label": "Advisories",
-          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
+          "url": "https://url.sap/sapsecuritypatchday"
         }
       ]
     },
@@ -8705,7 +8705,7 @@
     "shortName": "tibco",
     "cnaID": "CNA-2017-0001",
     "organizationName": "TIBCO Software Inc.",
-    "scope": "TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only.",
+    "scope": "TIBCO issues only.",
     "contact": [
       {
         "email": [
@@ -10214,32 +10214,46 @@
     "shortName": "PingIdentity",
     "cnaID": "CNA-2021-0042",
     "organizationName": "Ping Identity Corporation",
-    "scope": "All Ping Identity products (supported products and end-of-life/end-of-service products), as well as vulnerabilities in third-party software discovered by Ping Identity that are not in another CNA’s scope.",
+    "scope": "All Ping Identity and ForgeRock products (supported products and end-of-life/end-of-service products), as well as vulnerabilities in third-party software discovered by Ping Identity or ForgeRock that are not in another CNA’s scope.",
     "contact": [
       {
         "email": [
           {
-            "label": "Email",
-            "emailAddr": "responsible-disclosure@pingidentity.com"
+            "label": "Security Email",
+            "emailAddr": "security@pingidentity.com"
+          },
+          {
+            "label": "PSIRT Email",
+            "emailAddr": "psirt@pingidentity.com"
+          }
+        ],
+        "contact": [
+          {
+            "label": "Bug Bounty Program",
+            "url": "https://hackerone.com/pingidentity"
           }
         ],
-        "contact": [],
         "form": []
       }
     ],
     "disclosurePolicy": [
       {
         "label": "Policy",
-        "language": "English",
+        "language": "",
         "url": "https://www.pingidentity.com/en/company/security-at-ping-identity.html"
+      },
+      {
+        "label": "Ping Identity PGP Keys",
+        "language": "",
+        "url": "https://www.pingidentity.com/.well-known/security.txt"
       }
     ],
     "securityAdvisories": {
       "alerts": [],
       "advisories": [
         {
           "label": "Advisories",
-          "url": "https://support.pingidentity.com/"
+          "url": "https://docs.pingidentity.com/pingam/latest/release-notes/security-advisories.html"
         }
       ]
     },
@@ -10732,63 +10746,6 @@
     },
     "country": "USA"
   },
-  {
-    "shortName": "ForgeRock",
-    "cnaID": "CNA-2021-0046",
-    "organizationName": "ForgeRock, Inc.",
-    "scope": "ForgeRock issues only.",
-    "contact": [
-      {
-        "email": [
-          {
-            "label": "Email",
-            "emailAddr": "psirt@forgerock.com"
-          }
-        ],
-        "contact": [],
-        "form": []
-      }
-    ],
-    "disclosurePolicy": [
-      {
-        "label": "Policy",
-        "language": "English",
-        "url": "https://www.forgerock.com/vulnerability-disclosure"
-      }
-    ],
-    "securityAdvisories": {
-      "alerts": [],
-      "advisories": [
-        {
-          "label": "Advisories",
-          "url": "https://backstage.forgerock.com/knowledge/kb/book/b21824339"
-        }
-      ]
-    },
-    "resources": [],
-    "CNA": {
-      "isRoot": false,
-      "root": {
-        "shortName": "n/a",
-        "organizationName": "n/a"
-      },
-      "type": [
-        "Vendor",
-        "Open Source"
-      ],
-      "TLR": {
-        "shortName": "mitre",
-        "organizationName": "MITRE Corporation"
-      },
-      "roles": [
-        {
-          "helpText": "",
-          "role": "CNA"
-        }
-      ]
-    },
-    "country": "USA"
-  },
   {
     "shortName": "ASUSTOR",
     "cnaID": "CNA-2021-0048",
@@ -26059,5 +26016,62 @@
       ]
     },
     "country": "USA"
+  },
+  {
+    "shortName": "Insyde",
+    "cnaID": "CNA-2025-0022",
+    "organizationName": "Insyde Software",
+    "scope": "Vulnerabilities in all of Insyde Software’s firmware and software products, as well as vulnerabilities discovered by Insyde Software that are not covered by another CNA’s scope.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "security.report@insyde.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.insyde.com/security-pledge/"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.insyde.com/security-pledge/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Vendor",
+        "Researcher"
+      ]
+    },
+    "country": "USA"
   }
 ]
diff --git a/src/assets/data/metrics.json b/src/assets/data/metrics.json
@@ -1141,7 +1141,7 @@
         },
         {
           "month": "April",
-          "value": "6"
+          "value": "7"
         },
         {
           "month": "May",
diff --git a/src/assets/data/news.json b/src/assets/data/news.json
@@ -1,5 +1,43 @@
 {
   "currentNews": [
+    {
+      "id": 514,
+      "newsType": "news",
+      "title": "Insyde Software Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Insyde Software Added as CNA",
+      "date": "2025-04-29",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/Insyde'>Insyde Software</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities in all of Insyde Software’s firmware and software products, as well as vulnerabilities discovered by Insyde Software that are not covered by another CNA’s scope."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>453 CNAs</a> (450 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Insyde Software is the 244th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Insyde Software’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 513,
+      "newsType": "news",
+      "title": "Minutes from CVE Board Teleconference Meeting on April 2 Now Available",
+      "urlKeywords": "CVE Board Minutes from April 2",
+      "date": "2025-04-29",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The <a href='/ProgramOrganization/Board'>CVE Board</a> held a teleconference meeting on April 2, 2025. Read the <a href='https://cve.mitre.org/community/board/meeting_summaries/02_April_2025.pdf' target='_blank'>meeting minutes summary</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Board is the organization responsible for the strategic direction, governance, operational structure, policies, and rules of the CVE Program. The Board includes members from numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information."
+        }
+      ]
+    },
     {
       "id": 512,
       "newsType": "news",
@@ -2965,15 +3003,15 @@
         },
         {
           "contentnewsType": "paragraph",
-          "content": "<ul><li><a href='/PartnerInformation/ListofPartners/partner/ASUS'>ASUSTeK Computer Incorporation</a> - ASUS issues only (Taiwan)</li><li><a href='/PartnerInformation/ListofPartners/partner/Cytiva'>Cytiva</a> - Cytiva branded products only (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Pall'>Pall Corporation</a> - Pall branded products only (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Stryker'>Stryker Corporation</a> - All products of Stryker or a Stryker company including end-of-life/end-of-service products, and vulnerabilities in third-party software used in Stryker products that are not in another CNA’s scope (USA)</li></ul>"
+          "content": "<ul><li><a href='/PartnerInformation/ListofPartners/partner/ASUS'>ASUSTeK Computer Incorporation</a> - ASUS issues only (Taiwan)</li><li><a href='/PartnerInformation/ListofPartners/partner/Cytiva'>Cytiva</a> - Cytiva branded products only (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/LMS'>Leica Microsystems</a> - Leica Microsystems products as listed on <a href='https://www.leica-microsystems.com/products' target='_blank'>https://www.leica-microsystems.com/products</a> (Germany)</li><li><a href='/PartnerInformation/ListofPartners/partner/Pall'>Pall Corporation</a> - Pall branded products only (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Stryker'>Stryker Corporation</a> - All products of Stryker or a Stryker company including end-of-life/end-of-service products, and vulnerabilities in third-party software used in Stryker products that are not in another CNA’s scope (USA)</li></ul>"
         },
         {
           "contentnewsType": "paragraph",
           "content": "<strong><a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE TL-Root</a>:</strong>"
         },
         {
           "contentnewsType": "paragraph",
-          "content": "<ul><li><a href='/PartnerInformation/ListofPartners/partner/AMZN'>Amazon</a> - All Amazon and AWS products (including subsidiaries, supported, and EOL/EOS products), as well as vulnerabilities in third party software discovered by Amazon/AWS that are not in another CNA’s scope (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Arxscan'>Arxscan, Inc.</a> - Arxscan issues only (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Cato'>Cato Networks</a> - All Cato Networks products and vulnerabilities in third-party products affecting Cato products unless covered by the scope of another CNA (Israel)</li><li><a href='/PartnerInformation/ListofPartners/partner/Forescout'>Forescout Technologies</a> - Forescout issues only (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Huntress'>Huntress Labs Inc.</a> - All Huntress products, as well as vulnerabilities in third-party software discovered by Huntress that are not in another CNA’s scope (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/imaginationtech'>Imagination Technologies</a> - Imagination Technologies branded products and technologies and Imagination Technologies (IMG) managed open source projects (UK)</li><li><a href='/PartnerInformation/ListofPartners/partner/Intigriti'>Intigriti</a> - Vulnerabilities in Intigriti products and vulnerabilities discovered by, or reported to, Intigriti that are not in another CNA’s scope (Belgium)</li><li><a href='/PartnerInformation/ListofPartners/partner/ivanti'>Ivanti</a> - Vulnerabilities in supported Ivanti products and infrastructure, excluding third-party components, and meeting severity thresholds defined in Ivanti’s Disclosure Policy found <a href='https://www.ivanti.com/support/contact-security' target='_blank'>here</a> (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Kong'>Kong Inc.</a> - Kong products; Kong Konnect, Kong Enterprise, Kong Mesh, and Kong Insomnia, including Kong Opensource; Kong Gateway, Kuma, Insomnia (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/LMS'>Leica Microsystems</a> - Leica Microsystems products as listed on <a href='https://www.leica-microsystems.com/products' target='_blank'>https://www.leica-microsystems.com/products</a> (Germany)</li><li><a href='/PartnerInformation/ListofPartners/partner/MON-CSIRT'>Monash University - Cyber Security Incident Response Team</a> - Vulnerabilities in any Monash University developed products, or vulnerabilities identified in third-party vendor products used by Monash University, unless covered by the scope of another CNA (Australia)</li><li><a href='/PartnerInformation/ListofPartners/partner/PlexTrac'>PlexTrac, Inc.</a> - Vulnerabilities within PlexTrac’s products (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Proton'>Proton AG</a> - Proton AG issues only (Switzerland)</li><li><a href='/PartnerInformation/ListofPartners/partner/RealPage'>RealPage</a> - Vulnerabilities in RealPage products and services including but not limited to: Keyready, Knock CRM, HomeWiseDocs, REDS (Real Estate Data Solutions), G5, WhiteSky Communications, Chirp Systems, STRATIS IoT, Modern Message (Community Rewards), Hipercept, Investor Management Services, AIM, FUEL, Buildium, All Property Management, SimpleBills, DepositIQ, Rentlytics, ClickPay, LeaseLabs, PEX, On-Site, American Utility Management (AUM), Axiometrics, Lease Rent Optimization (LRO), AssetEye, NWP Services Corporation, Indatus, ActiveBuilding, RentMineOnline (RMO), MyNewPlace, Compliance Depot, SeniorLiving.net, eREI, Domin-8, Level One, Propertyware, Opstechnology, LeasingDesk, and YieldStar (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/seal'>Seal Security</a> - Vulnerabilities in Seal products or services and vulnerabilities discovered in open-source libraries unless covered by the scope of another CNA (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Supermicro'>Super Micro Computer, Inc.</a> - Supermicro branded products, managed system, or software projects (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/upKeeper'>upKeeper Solutions</a> - All upKeeper Solutions products, excluding end-of-life (EOL) as listed in the upKeeper Solutions End of Life Policy (Sweden)</li><li><a href='/PartnerInformation/ListofPartners/partner/watchdog'>WatchDogDevelopment.com, LLC</a> - All WatchDog products (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Wiz'>Wiz, Inc.</a> - Vulnerabilities identified in Wiz products, and vulnerabilities discovered by, or reported to, Wiz that are not in another CNA’s scope (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/9front'>9front Systems</a> - All software produced as part of the Plan9front open source operating system, as well as its applications and cyberinfrastructure. Vulnerabilities discovered by or reported to 9front Systems for all Plan 9 software not covered by the scope of another CNA (USA)</li></ul>"
+          "content": "<ul><li><a href='/PartnerInformation/ListofPartners/partner/AMZN'>Amazon</a> - All Amazon and AWS products (including subsidiaries, supported, and EOL/EOS products), as well as vulnerabilities in third party software discovered by Amazon/AWS that are not in another CNA’s scope (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Arxscan'>Arxscan, Inc.</a> - Arxscan issues only (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Cato'>Cato Networks</a> - All Cato Networks products and vulnerabilities in third-party products affecting Cato products unless covered by the scope of another CNA (Israel)</li><li><a href='/PartnerInformation/ListofPartners/partner/Forescout'>Forescout Technologies</a> - Forescout issues only (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Huntress'>Huntress Labs Inc.</a> - All Huntress products, as well as vulnerabilities in third-party software discovered by Huntress that are not in another CNA’s scope (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/imaginationtech'>Imagination Technologies</a> - Imagination Technologies branded products and technologies and Imagination Technologies (IMG) managed open source projects (UK)</li><li><a href='/PartnerInformation/ListofPartners/partner/Intigriti'>Intigriti</a> - Vulnerabilities in Intigriti products and vulnerabilities discovered by, or reported to, Intigriti that are not in another CNA’s scope (Belgium)</li><li><a href='/PartnerInformation/ListofPartners/partner/ivanti'>Ivanti</a> - Vulnerabilities in supported Ivanti products and infrastructure, excluding third-party components, and meeting severity thresholds defined in Ivanti’s Disclosure Policy found <a href='https://www.ivanti.com/support/contact-security' target='_blank'>here</a> (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Kong'>Kong Inc.</a> - Kong products; Kong Konnect, Kong Enterprise, Kong Mesh, and Kong Insomnia, including Kong Opensource; Kong Gateway, Kuma, Insomnia (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/MON-CSIRT'>Monash University - Cyber Security Incident Response Team</a> - Vulnerabilities in any Monash University developed products, or vulnerabilities identified in third-party vendor products used by Monash University, unless covered by the scope of another CNA (Australia)</li><li><a href='/PartnerInformation/ListofPartners/partner/PlexTrac'>PlexTrac, Inc.</a> - Vulnerabilities within PlexTrac’s products (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Proton'>Proton AG</a> - Proton AG issues only (Switzerland)</li><li><a href='/PartnerInformation/ListofPartners/partner/RealPage'>RealPage</a> - Vulnerabilities in RealPage products and services including but not limited to: Keyready, Knock CRM, HomeWiseDocs, REDS (Real Estate Data Solutions), G5, WhiteSky Communications, Chirp Systems, STRATIS IoT, Modern Message (Community Rewards), Hipercept, Investor Management Services, AIM, FUEL, Buildium, All Property Management, SimpleBills, DepositIQ, Rentlytics, ClickPay, LeaseLabs, PEX, On-Site, American Utility Management (AUM), Axiometrics, Lease Rent Optimization (LRO), AssetEye, NWP Services Corporation, Indatus, ActiveBuilding, RentMineOnline (RMO), MyNewPlace, Compliance Depot, SeniorLiving.net, eREI, Domin-8, Level One, Propertyware, Opstechnology, LeasingDesk, and YieldStar (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/seal'>Seal Security</a> - Vulnerabilities in Seal products or services and vulnerabilities discovered in open-source libraries unless covered by the scope of another CNA (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Supermicro'>Super Micro Computer, Inc.</a> - Supermicro branded products, managed system, or software projects (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/upKeeper'>upKeeper Solutions</a> - All upKeeper Solutions products, excluding end-of-life (EOL) as listed in the upKeeper Solutions End of Life Policy (Sweden)</li><li><a href='/PartnerInformation/ListofPartners/partner/watchdog'>WatchDogDevelopment.com, LLC</a> - All WatchDog products (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/Wiz'>Wiz, Inc.</a> - Vulnerabilities identified in Wiz products, and vulnerabilities discovered by, or reported to, Wiz that are not in another CNA’s scope (USA)</li><li><a href='/PartnerInformation/ListofPartners/partner/9front'>9front Systems</a> - All software produced as part of the Plan9front open source operating system, as well as its applications and cyberinfrastructure. Vulnerabilities discovered by or reported to 9front Systems for all Plan 9 software not covered by the scope of another CNA (USA)</li></ul>"
         },
         {
           "contentnewsType": "paragraph",

Original file line number	Diff line number	Diff line change
`@@ -1141,7 +1141,7 @@`
`1141`	`1141`	`},`
`1142`	`1142`	`{`
`1143`	`1143`	`"month": "April",`
`1144`		`- "value": "6"`
	`1144`	`+ "value": "7"`
`1145`	`1145`	`},`
`1146`	`1146`	`{`
`1147`	`1147`	`"month": "May",`