admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-12-12 22:00:33 +00:00
parent b2feebe324
commit 69acb9dd7d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 443 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
2020/16xxx/CVE-2020-16216.json
View File

@ -1,25 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-16216",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, \nMX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, \nthe product receives input or data but does not validate or incorrectly \nvalidates that the input has the properties required to process the data\n safely and correctly, which can induce a denial-of-service condition \nthrough a system restart.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Philips ",
"product": {
"product_data": [
{
"product_name": "Philips Patient Information Center iX (PICiX), PerformanceBridge Focal Point, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90, IntelliVue X3 and X2.",
"product_name": "IntelliVue patient monitors",
"version": {
"version_data": [
{
"version_value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior."
"version_affected": "=",
"version_value": "MX100"
},
{
"version_affected": "=",
"version_value": "MX400-550"
},
{
"version_affected": "=",
"version_value": "MX600"
},
{
"version_affected": "=",
"version_value": "MX700"
},
{
"version_affected": "=",
"version_value": "MX750"
},
{
"version_affected": "=",
"version_value": "MX800"
},
{
"version_affected": "=",
"version_value": "MX850"
},
{
"version_affected": "=",
"version_value": "MP2-MP90"
}
]
}
},
{
"product_name": "IntelliVue ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "X2 "
},
{
"version_affected": "=",
"version_value": "X3 "
},
{
"version_affected": "<=",
"version_name": "0",
"version_value": "N"
}
]
}
@ -30,33 +100,56 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01",
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
},
{
"url": "https://www.philips.com/productsecurity",
"refsource": "MISC",
"name": "https://www.philips.com/productsecurity"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart."
}
]
}
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n<p>As a mitigation to these vulnerabilities, Philips recommends the following:</p>\n<ul>\n<li>The Philips patient monitoring network is required to be physically \nor logically isolated from the hospital local area network (LAN). \nPhilips recommends using a firewall or routers that can implement access\n control lists restricting access in and out of the patient monitoring \nnetwork for only necessary ports and IP addresses. Refer to the Philips \nPatient Monitoring System Security for Clinical Networks guide for \nadditional information on <a target=\"_blank\" rel=\"nofollow\" href=\"https://incenter.medical.philips.com/\">InCenter</a>.</li>\n<li>By default, the simple certificate enrollment protocol (SCEP) \nservice is not running. When needed, the service is configured to run \nbased on the duration or the number of certificates to be assigned. One \ncertificate is default, but if a certificate is not issued, the service \nwill continue to run. Limit exposure by ensuring the SCEP service is not\n running unless it is actively being used to enroll new devices.</li>\n<li>When enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.</li>\n<li>Implement physical security controls to prevent unauthorized login \nattempts on the PIC iX application. Servers should be kept in controlled\n locked data centers. Access to equipment at nurses\u2019 stations should be \ncontrolled and monitored.</li>\n<li>Only grant remote access to PIC iX servers on a must-have basis.</li>\n<li>Grant login privileges to the bedside monitor and PIC iX application\n on a role-based, least-privilege basis, and only to trusted users.</li>\n</ul>\n<p>Users with questions regarding their specific Philips Patient \nInformation Center (PIC iX) and/or IntelliVue patient monitor \ninstallations and new release eligibility should contact their local <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\">Philips service support team, or regional service support</a>, or call 1-800-722-9377.</p>\n<p>Please see the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\">Philips product security website</a> for the Philips advisory and the latest security information for Philips products.</p>\n\n<br>"
}
],
"value": "As a mitigation to these vulnerabilities, Philips recommends the following:\n\n\n\n * The Philips patient monitoring network is required to be physically \nor logically isolated from the hospital local area network (LAN). \nPhilips recommends using a firewall or routers that can implement access\n control lists restricting access in and out of the patient monitoring \nnetwork for only necessary ports and IP addresses. Refer to the Philips \nPatient Monitoring System Security for Clinical Networks guide for \nadditional information on InCenter https://incenter.medical.philips.com/ .\n\n * By default, the simple certificate enrollment protocol (SCEP) \nservice is not running. When needed, the service is configured to run \nbased on the duration or the number of certificates to be assigned. One \ncertificate is default, but if a certificate is not issued, the service \nwill continue to run. Limit exposure by ensuring the SCEP service is not\n running unless it is actively being used to enroll new devices.\n\n * When enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.\n\n * Implement physical security controls to prevent unauthorized login \nattempts on the PIC iX application. Servers should be kept in controlled\n locked data centers. Access to equipment at nurses\u2019 stations should be \ncontrolled and monitored.\n\n * Only grant remote access to PIC iX servers on a must-have basis.\n\n * Grant login privileges to the bedside monitor and PIC iX application\n on a role-based, least-privilege basis, and only to trusted users.\n\n\n\n\nUsers with questions regarding their specific Philips Patient \nInformation Center (PIC iX) and/or IntelliVue patient monitor \ninstallations and new release eligibility should contact their local Philips service support team, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-800-722-9377.\n\n\nPlease see the Philips product security website https://www.philips.com/productsecurity for the Philips advisory and the latest security information for Philips products.\n\n\n\n\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nPhilips released the following versions to remediate reported vulnerabilities:<ul>\n<li>IntelliVue Patient Monitors Versions N.00 and N.01</li>\n<li>IntelliVue Patient Monitors Version M.04: Contact a <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\">Philips service support team</a> for an upgrade path</li>\n<li>Certificate revocation implementation of the \nIntelliVue Patient Monitors will be completed in Q3 of 2024.</li>\n</ul>\n\n<br>"
}
],
"value": "Philips released the following versions to remediate reported vulnerabilities:\n * IntelliVue Patient Monitors Versions N.00 and N.01\n\n * IntelliVue Patient Monitors Version M.04: Contact a Philips service support team https://www.usa.philips.com/healthcare/solutions/customer-service-solutions for an upgrade path\n\n * Certificate revocation implementation of the \nIntelliVue Patient Monitors will be completed in Q3 of 2024.\n\n\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips."
}
]
}

112
2020/16xxx/CVE-2020-16220.json
View File

@ -1,25 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-16220",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Patient Information Center iX (PICiX) Versions C.02, C.03, \nPerformanceBridge Focal Point Version A.01, the product receives input \nthat is expected to be well-formed (i.e., to comply with a certain \nsyntax) but it does not validate or incorrectly validates that the input\n complies with the syntax, causing the certificate enrollment service to\n crash. It does not impact monitoring but prevents new devices from \nenrolling.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"cweId": "CWE-1286"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Philips ",
"product": {
"product_data": [
{
"product_name": "Philips Patient Information Center iX (PICiX), PerformanceBridge Focal Point, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90, IntelliVue X3 and X2.",
"product_name": "Patient Information Center iX (PICiX)",
"version": {
"version_data": [
{
"version_value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior."
"version_affected": "=",
"version_value": "C.02"
},
{
"version_affected": "=",
"version_value": "C.03"
}
]
}
},
{
"product_name": "PerformanceBridge Focal Point",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "A.01"
}
]
}
@ -30,33 +67,56 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER VALIDATION OF SYNTACTIC CORRECTNESS OF INPUT CWE-1286"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01",
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
},
{
"url": "https://www.philips.com/productsecurity",
"refsource": "MISC",
"name": "https://www.philips.com/productsecurity"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling."
}
]
}
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n<p>As a mitigation to these vulnerabilities, Philips recommends the following:</p>\n<ul>\n<li>The Philips patient monitoring network is required to be physically \nor logically isolated from the hospital local area network (LAN). \nPhilips recommends using a firewall or routers that can implement access\n control lists restricting access in and out of the patient monitoring \nnetwork for only necessary ports and IP addresses. Refer to the Philips \nPatient Monitoring System Security for Clinical Networks guide for \nadditional information on <a target=\"_blank\" rel=\"nofollow\" href=\"https://incenter.medical.philips.com/\">InCenter</a>.</li>\n<li>By default, the simple certificate enrollment protocol (SCEP) \nservice is not running. When needed, the service is configured to run \nbased on the duration or the number of certificates to be assigned. One \ncertificate is default, but if a certificate is not issued, the service \nwill continue to run. Limit exposure by ensuring the SCEP service is not\n running unless it is actively being used to enroll new devices.</li>\n<li>When enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.</li>\n<li>Implement physical security controls to prevent unauthorized login \nattempts on the PIC iX application. Servers should be kept in controlled\n locked data centers. Access to equipment at nurses\u2019 stations should be \ncontrolled and monitored.</li>\n<li>Only grant remote access to PIC iX servers on a must-have basis.</li>\n<li>Grant login privileges to the bedside monitor and PIC iX application\n on a role-based, least-privilege basis, and only to trusted users.</li>\n</ul>\n<p>Users with questions regarding their specific Philips Patient \nInformation Center (PIC iX) and/or IntelliVue patient monitor \ninstallations and new release eligibility should contact their local <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\">Philips service support team, or regional service support</a>, or call 1-800-722-9377.</p>\n<p>Please see the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\">Philips product security website</a> for the Philips advisory and the latest security information for Philips products.</p>\n\n<br>"
}
],
"value": "As a mitigation to these vulnerabilities, Philips recommends the following:\n\n\n\n * The Philips patient monitoring network is required to be physically \nor logically isolated from the hospital local area network (LAN). \nPhilips recommends using a firewall or routers that can implement access\n control lists restricting access in and out of the patient monitoring \nnetwork for only necessary ports and IP addresses. Refer to the Philips \nPatient Monitoring System Security for Clinical Networks guide for \nadditional information on InCenter https://incenter.medical.philips.com/ .\n\n * By default, the simple certificate enrollment protocol (SCEP) \nservice is not running. When needed, the service is configured to run \nbased on the duration or the number of certificates to be assigned. One \ncertificate is default, but if a certificate is not issued, the service \nwill continue to run. Limit exposure by ensuring the SCEP service is not\n running unless it is actively being used to enroll new devices.\n\n * When enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.\n\n * Implement physical security controls to prevent unauthorized login \nattempts on the PIC iX application. Servers should be kept in controlled\n locked data centers. Access to equipment at nurses\u2019 stations should be \ncontrolled and monitored.\n\n * Only grant remote access to PIC iX servers on a must-have basis.\n\n * Grant login privileges to the bedside monitor and PIC iX application\n on a role-based, least-privilege basis, and only to trusted users.\n\n\n\n\nUsers with questions regarding their specific Philips Patient \nInformation Center (PIC iX) and/or IntelliVue patient monitor \ninstallations and new release eligibility should contact their local Philips service support team, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-800-722-9377.\n\n\nPlease see the Philips product security website https://www.philips.com/productsecurity for the Philips advisory and the latest security information for Philips products.\n\n\n\n\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n<p>Philips released the following versions to remediate reported vulnerabilities:</p>\n<ul>\n<li>Patient Information Center iX (PICiX) Version C.03</li>\n<li>PerformanceBridge Focal Point</li>\n<li>Certificate revocation within the system was implemented for PIC iX and Performance Bridge FocalPoint.</li></ul>\n\n<br>"
}
],
"value": "Philips released the following versions to remediate reported vulnerabilities:\n\n\n\n * Patient Information Center iX (PICiX) Version C.03\n\n * PerformanceBridge Focal Point\n\n * Certificate revocation within the system was implemented for PIC iX and Performance Bridge FocalPoint.\n\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips."
}
]
}

216
2023/5xxx/CVE-2023-5379.json
View File

@ -1,17 +1,225 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5379",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "upstream",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat build of Quarkus",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Data Grid 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Decision Manager 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Data Grid 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Fuse 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Fuse 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Process Automation 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat support for Spring Boot",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5379",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-5379"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

26
2023/5xxx/CVE-2023-5557.json
View File

@ -303,6 +303,27 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.1.2-4.el9_2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
@ -392,6 +413,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:7739"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:7744",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:7744"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5557",
"refsource": "MISC",