{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:c1cab270-7495-46db-812f-f1e2b27eb54f", "version": 1, "metadata": { "timestamp": "2025-01-16T00:00:00Z", "authors": [ { "name": "Connext Security Team", "email": "security@rti.com" } ], "component": { "type": "framework", "bom-ref": "Connext Micro", "supplier": { "name": "Real-Time Innovations, Inc. (RTI)", "url": [ "https://www.rti.com" ] }, "name": "Connext Micro" }, "properties": [ { "name": "last_updated", "value": "2026-04-23T21:54:32Z" } ] }, "vulnerabilities": [ { "bom-ref": "CVE-2019-0190", "id": "CVE-2019-0190", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0190" }, "ratings": [ { "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-0190&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1" }, "score": 7.5, "severity": "high", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2019-0190&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)&version=2" }, "score": 5.0, "severity": "medium", "method": "CVSSv2", "vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "description": "A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.", "published": "2019-01-30T22:29:00Z", "updated": "2024-11-21T04:16:26Z", "analysis": { "state": "not_affected", "justification": "code_not_reachable", "detail": "Connext Micro does not use APACHE Http Server", "firstIssued": "2025-08-15T04:19:45Z", "lastUpdated": "2025-08-18T07:28:45Z" }, "affects": [ { "ref": "Connext Micro" } ], "properties": [ { "name": "rti_id", "value": "THIRDPARTY-401" }, { "name": "xray_id", "value": "XRAY-157901" } ] }, { "bom-ref": "CVE-2024-47554", "id": "CVE-2024-47554", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554" }, "ratings": [ { "source": { "name": "CISA-ADP", "url": "https://github.com/cisagov/vulnrichment/blob/develop/2024/47xxx/CVE-2024-47554.json" }, "score": 4.3, "severity": "medium", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "cwes": [ 400 ], "description": "Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\n\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\n\n\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\n\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.", "published": "2024-10-03T12:15:02Z", "updated": "2024-12-04T15:15:11Z", "analysis": { "state": "not_affected", "justification": "code_not_reachable", "detail": "Connext does not use the impacted component.", "firstIssued": "2024-11-25T12:06:41.884000Z", "lastUpdated": "2024-11-27T15:37:49.870000Z" }, "affects": [ { "ref": "Connext Micro" } ], "properties": [ { "name": "rti_id", "value": "THIRDPARTY-277" }, { "name": "xray_id", "value": "XRAY-645644" } ] }, { "bom-ref": "CVE-2025-4575", "id": "CVE-2025-4575", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4575" }, "ratings": [ { "source": { "name": "CISA-ADP", "url": "https://github.com/cisagov/vulnrichment/blob/develop/2025/4xxx/CVE-2025-4575.json" }, "score": 6.5, "severity": "medium", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "cwes": [ 295 ], "description": "Issue summary: Use of -addreject option with the openssl x509 application adds\na trusted use instead of a rejected use for a certificate.\n\nImpact summary: If a user intends to make a trusted certificate rejected for\na particular use it will be instead marked as trusted for that use.\n\nA copy & paste error during minor refactoring of the code introduced this\nissue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate\nshould be trusted only for the purpose of authenticating TLS servers but not\nfor CMS signature verification and the CMS signature verification is intended\nto be marked as rejected with the -addreject option, the resulting CA\ncertificate will be trusted for CMS signature verification purpose instead.\n\nOnly users which use the trusted certificate format who use the openssl x509\ncommand line application to add rejected uses are affected by this issue.\nThe issues affecting only the command line application are considered to\nbe Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue.\n\nOpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this\nissue.", "published": "2025-05-22T14:16:07Z", "updated": "2025-05-23T15:55:02Z", "analysis": { "state": "not_affected", "justification": "code_not_reachable", "detail": "Lightweight Security does not use any certificates and by extension does not use the x509 application.", "firstIssued": "2025-08-15T04:31:29Z", "lastUpdated": "2025-08-18T07:27:26Z" }, "affects": [ { "ref": "Connext Micro" } ], "properties": [ { "name": "rti_id", "value": "THIRDPARTY-401" }, { "name": "xray_id", "value": "XRAY-703708" } ] }, { "bom-ref": "CVE-2025-9230", "id": "CVE-2025-9230", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230" }, "ratings": [ { "source": { "name": "CISA-ADP", "url": "https://github.com/cisagov/vulnrichment/blob/develop/2025/9xxx/CVE-2025-9230.json" }, "score": 7.5, "severity": "high", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes": [ 125, 787 ], "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "published": "2025-09-30T14:15:41Z", "updated": "2025-09-30T20:15:41Z", "analysis": { "state": "not_affected", "justification": "code_not_reachable", "detail": "Micro LightWeight Security Plugins do not decrypt CMS messages", "firstIssued": "2025-10-02T18:13:06Z", "lastUpdated": "2025-10-02T18:13:06Z" }, "affects": [ { "ref": "Connext Micro" } ], "properties": [ { "name": "rti_id", "value": "THIRDPARTY-428" }, { "name": "xray_id", "value": "XRAY-725602" } ] }, { "bom-ref": "CVE-2025-9231", "id": "CVE-2025-9231", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9231" }, "ratings": [ { "source": { "name": "CISA-ADP", "url": "https://github.com/cisagov/vulnrichment/blob/develop/2025/9xxx/CVE-2025-9231.json" }, "score": 6.5, "severity": "medium", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "cwes": [ 385 ], "description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "published": "2025-09-30T14:15:41Z", "updated": "2025-09-30T20:15:41Z", "analysis": { "state": "not_affected", "justification": "code_not_reachable", "detail": "Micro LightWeight Security Plugins do not support the SM2 algorithms. ", "firstIssued": "2025-10-02T18:18:56Z", "lastUpdated": "2025-10-02T18:18:56Z" }, "affects": [ { "ref": "Connext Micro" } ], "properties": [ { "name": "rti_id", "value": "THIRDPARTY-428" }, { "name": "xray_id", "value": "XRAY-725603" } ] }, { "bom-ref": "CVE-2025-9232", "id": "CVE-2025-9232", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232" }, "ratings": [ { "source": { "name": "CISA-ADP", "url": "https://github.com/cisagov/vulnrichment/blob/develop/2025/9xxx/CVE-2025-9232.json" }, "score": 5.9, "severity": "medium", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes": [ 125 ], "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "published": "2025-09-30T14:15:41Z", "updated": "2025-09-30T20:15:41Z", "analysis": { "state": "not_affected", "justification": "code_not_reachable", "detail": "Micro LightWeight Security Plugins do not use HTTP client API", "firstIssued": "2025-10-02T18:29:55Z", "lastUpdated": "2025-10-02T18:29:55Z" }, "affects": [ { "ref": "Connext Micro" } ], "properties": [ { "name": "rti_id", "value": "THIRDPARTY-428" }, { "name": "xray_id", "value": "XRAY-725604" } ] }, { "bom-ref": "CVE-2025-48924", "id": "CVE-2025-48924", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924" }, "ratings": [ { "source": { "name": "CISA-ADP", "url": "https://github.com/cisagov/vulnrichment/blob/develop/2025/48xxx/CVE-2025-48924.json" }, "score": 5.3, "severity": "medium", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "cwes": [ 674 ], "description": "Uncontrolled Recursion vulnerability in Apache Commons Lang.\n\nThis issue affects Apache Commons Lang: Starting with\u00a0commons-lang:commons-lang\u00a02.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before\u00a03.18.0.\n\nThe methods ClassUtils.getClass(...) can throw\u00a0StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u00a0cause an application to stop.\n\nUsers are recommended to upgrade to version 3.18.0, which fixes the issue.", "published": "2025-07-11T15:15:24Z", "updated": "2025-07-28T13:45:38Z", "analysis": { "state": "not_affected", "justification": "code_not_reachable", "detail": "No RTI Connext Micro and RTI Connext Cert products invoke the impacted function ClassUtils.getClass, either within the RTI tools' direct source code or in any plugin dependencies.", "firstIssued": "2025-08-07T10:51:16Z", "lastUpdated": "2025-08-07T10:51:16Z" }, "affects": [ { "ref": "Connext Micro" } ], "properties": [ { "name": "rti_id", "value": "THIRDPARTY-378" }, { "name": "xray_id", "value": "XRAY-710140" } ] }, { "bom-ref": "CVE-2025-68161", "id": "CVE-2025-68161", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161" }, "ratings": [ { "source": { "name": "security@apache.org" }, "score": 6.3, "severity": "medium", "method": "CVSSv4", "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2025-68161&vector=AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N&version=3.1" }, "score": 4.8, "severity": "medium", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "cwes": [ 295, 297 ], "description": "The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property is set to true.\n\nThis issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:\n\n * The attacker is able to intercept or redirect network traffic between the client and the log receiver.\n * The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender\u2019s configured trust store (or by the default Java trust store if no custom trust store is configured).\n\n\nUsers are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue.\n\nAs an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates.", "published": "2025-12-18T21:15:57Z", "updated": "2026-01-12T15:26:10Z", "recommendation": "Update to a Connext Micro release that does not include the vulnerable version of this third-party software.", "analysis": { "state": "exploitable", "detail": "RTI Micro Application Generator is affected by product issue MAG-247, which has a maximum CVSS 3.1 score of 4.8.", "firstIssued": "2026-01-14T14:39:20Z", "lastUpdated": "2026-01-14T14:39:20Z" }, "affects": [ { "ref": "Connext Micro" } ], "properties": [ { "name": "rti_id", "value": "THIRDPARTY-478" }, { "name": "xray_id", "value": "XRAY-905476" }, { "name": "rti_vulnerability_id", "value": "MAG-247" } ] }, { "bom-ref": "CVE-2026-34477", "id": "CVE-2026-34477", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34477" }, "ratings": [ { "source": { "name": "security@apache.org" }, "score": 6.3, "severity": "medium", "method": "CVSSv4", "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" } ], "cwes": [ 297 ], "description": "The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName attribute of the element.\n\nAlthough the verifyHostName configuration attribute was introduced in Log4j Core 2.12.0, it was silently ignored in all versions through 2.25.3, leaving TLS connections vulnerable to interception regardless of the configured value.\n\nA network-based attacker may be able to perform a man-in-the-middle attack when all of the following conditions are met:\n\n * An SMTP, Socket, or Syslog appender is in use.\n * TLS is configured via a nested element.\n * The attacker can present a certificate issued by a CA trusted by the appender's configured trust store, or by the default Java trust store if none is configured.\nThis issue does not affect users of the HTTP appender, which uses a separate verifyHostname https://logging.apache.org/log4j/2.x/manual/appenders/network.html#HttpAppender-attr-verifyHostName attribute that was not subject to this bug and verifies host names by default.\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue.", "published": "2026-04-10T16:16:30Z", "updated": "2026-04-13T15:02:06Z", "analysis": { "state": "not_affected", "justification": "code_not_reachable", "detail": "RTI Micro Application Generator does not communicate through any network and is not impacted by sslVerifyHostName.", "firstIssued": "2026-04-23T21:53:40Z", "lastUpdated": "2026-04-23T21:53:40Z" }, "affects": [ { "ref": "Connext Micro" } ], "properties": [ { "name": "rti_id", "value": "THIRDPARTY-573" }, { "name": "xray_id", "value": "XRAY-964590" } ] }, { "bom-ref": "CVE-2026-34478", "id": "CVE-2026-34478", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34478" }, "ratings": [ { "source": { "name": "security@apache.org" }, "score": 6.9, "severity": "medium", "method": "CVSSv4", "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" } ], "cwes": [ 117, 684 ], "description": "Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes.\n\nTwo distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly:\n\n * The newLineEscape attribute was silently renamed, causing newline escaping to stop working for users of TCP framing (RFC 6587), exposing them to CRLF injection in log output.\n * The useTlsMessageFormat attribute was silently renamed, causing users of TLS framing (RFC 5425) to be silently downgraded to unframed TCP (RFC 6587), without newline escaping.\n\n\nUsers of the SyslogAppender are not affected, as its configuration attributes were not modified.\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue.", "published": "2026-04-10T16:16:31Z", "updated": "2026-04-13T15:02:06Z", "analysis": { "state": "not_affected", "justification": "code_not_reachable", "detail": "RTI Micro Application Generator does not use the impacted Rfc5424Layout.", "firstIssued": "2026-04-23T21:54:32Z", "lastUpdated": "2026-04-23T21:54:32Z" }, "affects": [ { "ref": "Connext Micro" } ], "properties": [ { "name": "rti_id", "value": "THIRDPARTY-573" }, { "name": "xray_id", "value": "XRAY-964591" } ] }, { "bom-ref": "CVE-2026-34480", "id": "CVE-2026-34480", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34480" }, "ratings": [ { "source": { "name": "security@apache.org" }, "score": 6.9, "severity": "medium", "method": "CVSSv4", "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" } ], "cwes": [ 116 ], "description": "Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets producing invalid XML output whenever a log message or MDC value contains such characters.\n\nThe impact depends on the StAX implementation in use:\n\n * JRE built-in StAX: Forbidden characters are silently written to the output, producing malformed XML. Conforming parsers must reject such documents with a fatal error, which may cause downstream log-processing systems to drop the affected records.\n * Alternative StAX implementations (e.g., Woodstox https://github.com/FasterXML/woodstox , a transitive dependency of the Jackson XML Dataformat module): An exception is thrown during the logging call, and the log event is never delivered to its intended appender, only to Log4j's internal status logger.\n\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue by sanitizing forbidden characters before XML output.", "published": "2026-04-10T16:16:31Z", "updated": "2026-04-13T15:02:06Z", "analysis": { "state": "not_affected", "justification": "code_not_reachable", "detail": "RTI Micro Application Generator and RTI Code Generator do not use the impacted XmlLayout", "firstIssued": "2026-04-16T23:21:47Z", "lastUpdated": "2026-04-21T20:18:46Z" }, "affects": [ { "ref": "Connext Micro" } ], "properties": [ { "name": "rti_id", "value": "THIRDPARTY-561" }, { "name": "xray_id", "value": "XRAY-963652" } ] } ] }