All the vulnerabilites related to Red Hat - JBoss Enterprise Application Platform
var-201905-0262
Vulnerability from variot

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing. Wildfly Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. RedHatWildfly is a JavaEE-based lightweight open source application server from RedHat. Elytronsubsystem is one of the security framework subsystems. Permissions and access control issues vulnerabilities exist in the ElytronManagedThread of the Elytron subsystem in the RedHatWildfly11 to 16 release. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products.

The References section of this erratum contains a download link (you must log in to download the update).

The JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update Advisory ID: RHSA-2019:1108-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2019:1108 Issue date: 2019-05-08 CVE Names: CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14642 CVE-2018-14720 CVE-2018-14721 CVE-2019-3805 CVE-2019-3894 ==================================================================== 1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat JBoss EAP 7.2 for RHEL 7 Server - noarch, x86_64

  1. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7.

This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Refer to the Red Hat JBoss Enterprise Application Platform 7.2.1 Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)

  • jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)

  • jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)

  • undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer (CVE-2018-14642)

  • jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)

  • jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)

  • wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)

  • wildfly: wrong SecurityIdentity for EE concurrency threads that are reused (CVE-2019-3894)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library 1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis 1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused

  1. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-14861 - GSS Upgrade JBeret from 1.3.1.Final to 1.3.2.Final JBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7 JBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15568 - GSS Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final JBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12 JBEAP-15622 - GSS Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final JBEAP-15748 - GSS Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001 JBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8 JBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final JBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19 JBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020 JBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2 JBEAP-16037 - GSS Upgrade Narayana from 5.9.0.Final to 5.9.1.Final JBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final JBEAP-16090 - GSS Upgrade jboss-ejb-client from 4.0.12 to 4.0.15 JBEAP-16091 - GSS Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1 JBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8 JBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001 JBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4 JBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2 JBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002 JBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8 JBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final JBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final JBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7 JBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1 JBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final JBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5 JBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final JBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3 JBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001 JBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002 JBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001 JBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final JBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9 JBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001

  1. Package List:

Red Hat JBoss EAP 7.2 for RHEL 7 Server:

Source: eap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.src.rpm eap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.src.rpm eap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.src.rpm eap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.src.rpm eap7-artemis-native-2.6.3-15.redhat_00020.el7eap.src.rpm eap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.src.rpm eap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.src.rpm eap7-elytron-web-1.2.4-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.src.rpm eap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.src.rpm eap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.src.rpm eap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-jaxrs-providers-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.src.rpm eap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.src.rpm eap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.src.rpm eap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.src.rpm eap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.src.rpm eap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm eap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm eap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.src.rpm eap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.src.rpm eap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.src.rpm eap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.0.13-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.src.rpm eap7-yasson-1.0.2-1.redhat_00001.1.el7eap.src.rpm

noarch: eap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-cli-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-commons-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-core-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-dto-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-journal-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-native-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-ra-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-selector-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-tools-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-rt-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-services-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-tools-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.noarch.rpm eap7-cxf-xjc-boolean-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-bug986-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-dv-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-runtime-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-ts-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-core-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-envers-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-java8-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-remote-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-client-hotrod-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-core-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-validator-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-istack-commons-runtime-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm eap7-istack-commons-tools-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-datatype-jdk8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-datatype-jsr310-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-jaxrs-base-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jberet-core-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-compensations-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jbosstxbridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jbossxts-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jts-idlj-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jts-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-api-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-bridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-util-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-txframework-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-picketlink-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-common-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-config-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-idm-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-idm-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-idm-simple-schema-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-atom-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-cdi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-microprofile-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-crypto-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson2-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxb-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxrs-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jettison-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jose-jwt-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jsapi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-binding-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-p-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-multipart-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-rxjava2-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-spring-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-validator-provider-11-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-yaml-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-server-1.2.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-modules-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-yasson-1.0.2-1.redhat_00001.1.el7eap.noarch.rpm

x86_64: eap7-artemis-native-2.6.3-15.redhat_00020.el7eap.x86_64.rpm eap7-artemis-native-wildfly-2.6.3-15.redhat_00020.el7eap.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-11307 https://access.redhat.com/security/cve/CVE-2018-12022 https://access.redhat.com/security/cve/CVE-2018-12023 https://access.redhat.com/security/cve/CVE-2018-14642 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3894 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXNLIE9zjgjWX9erEAQglKw/+JyHe4joco43PeWiW+gtOUi1LmK+vvmA/ gkH43MSvriK9Skka+B0ZkTDUvIOe12f4be3IOpN3utcEcDHa/FgvsGZDnSSEsqRl 4W0cPWOFpeGw1NxgeP/wyHl/ccuwmFgXyxOstqx3T93HsVLBteQfjDM/TNbRATPu ESGwZbdJFWaGHTrYzK2U1z7kvWeG81Qc+nTzD52HT8Gl2Ru8Joy7cYhH2h42vLra PMOM5R7EWKINRFlIwPAO4rtvkZh+NfpViMvxcVxoObRue4FuAnoToZiyo50daPQI 0GSvYcPlUB6eVttOmQuq63j4pypm+p7uEf4gFkOc0n38RaiiRx7TLdAoRwjg/oL+ 9gKnDg1uXOy0UOLiQbYSQXTQiN/5fo5cpGJ2y0VCI/bWcULq4owLrwzGbcRS2kN1 RB94DglvRUcqbIcC3FIDKA6pUEAqyNL8j4moQfjvmxDHtdkFbWdMVyCPsVnqeRpi bXpTDQhsrdIEM6Hvmc16Zoli2vurhhwTOSEh5eBOP6H29UOduZRUA5Bi7QazgdOj B+NLXH2088Xy+bTvu9xv5iFBQ47Kp/EEvFr+xqU9sVzggIXpyLgn5G03/GOAKkJ7 DHVygbhSYgeopJnFD1vD1Xz5cQHwoFwao00DXti3rUi9FbcQR0H/UQSmNq/OujOk Jr14u9JZfcw=EHUv -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0262",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wildfly",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "11.0.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0.0"
      },
      {
        "model": "wildfly",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "16.0.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "wildfly",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "11 to  16"
      },
      {
        "model": "hat wildfly",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "red",
        "version": "11\u003c=16"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004452"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3894"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "16.0.0",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3894"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "db": "PACKETSTORM",
        "id": "152779"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-108"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2019-3894",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-3894",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2019-14824",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "secalert@redhat.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-3894",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3894",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "secalert@redhat.com",
            "id": "CVE-2019-3894",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-14824",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-108",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-3894",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14824"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004452"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3894"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3894"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-108"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "It was discovered that the ElytronManagedThread in Wildfly\u0027s Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing. Wildfly Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. RedHatWildfly is a JavaEE-based lightweight open source application server from RedHat. Elytronsubsystem is one of the security framework subsystems. Permissions and access control issues vulnerabilities exist in the ElytronManagedThread of the Elytron subsystem in the RedHatWildfly11 to 16 release. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update\nAdvisory ID:       RHSA-2019:1108-01\nProduct:           Red Hat JBoss Enterprise Application Platform\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:1108\nIssue date:        2019-05-08\nCVE Names:         CVE-2018-11307 CVE-2018-12022 CVE-2018-12023\n                   CVE-2018-14642 CVE-2018-14720 CVE-2018-14721\n                   CVE-2019-3805 CVE-2019-3894\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.2 for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.2 for RHEL 7 Server - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0,\nand includes bug fixes and enhancements. Refer to the Red Hat JBoss\nEnterprise Application Platform 7.2.1 Release Notes for information on the\nmost significant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* jackson-databind: Potential information exfiltration with default typing,\nserialization gadget from MyBatis (CVE-2018-11307)\n\n* jackson-databind: improper polymorphic deserialization of types from\nJodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from\nOracle JDBC driver (CVE-2018-12023)\n\n* undertow: Infoleak in some circumstances where Undertow can serve data\nfrom a random buffer (CVE-2018-14642)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n(CVE-2018-14721)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary\nprocesses by local users (CVE-2019-3805)\n\n* wildfly: wrong SecurityIdentity for EE concurrency threads that are\nreused (CVE-2019-3894)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer\n1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver\n1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library\n1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis\n1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-14861 - [GSS](7.2.z) Upgrade JBeret from 1.3.1.Final to 1.3.2.Final\nJBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7\nJBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15568 - [GSS](7.2.z) Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final\nJBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12\nJBEAP-15622 - [GSS](7.2.z) Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final\nJBEAP-15748 - [GSS](7.2.z) Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001\nJBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8\nJBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final\nJBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19\nJBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020\nJBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2\nJBEAP-16037 - [GSS](7.2.z) Upgrade Narayana from 5.9.0.Final to 5.9.1.Final\nJBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final\nJBEAP-16090 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.12 to 4.0.15\nJBEAP-16091 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1\nJBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8\nJBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001\nJBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4\nJBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2\nJBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002\nJBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8\nJBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final\nJBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final\nJBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7\nJBEAP-16259 -  (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1\nJBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final\nJBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5\nJBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final\nJBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3\nJBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001\nJBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002\nJBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001\nJBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final\nJBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9\nJBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001\n\n7. Package List:\n\nRed Hat JBoss EAP 7.2 for RHEL 7 Server:\n\nSource:\neap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.src.rpm\neap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.src.rpm\neap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.src.rpm\neap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.src.rpm\neap7-artemis-native-2.6.3-15.redhat_00020.el7eap.src.rpm\neap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.src.rpm\neap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.src.rpm\neap7-elytron-web-1.2.4-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.src.rpm\neap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.src.rpm\neap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-jaxrs-providers-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.src.rpm\neap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.src.rpm\neap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.src.rpm\neap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.src.rpm\neap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm\neap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm\neap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.src.rpm\neap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.src.rpm\neap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.src.rpm\neap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-http-client-1.0.13-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-yasson-1.0.2-1.redhat_00001.1.el7eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-cli-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-commons-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-core-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-dto-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-journal-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-native-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-ra-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-selector-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-tools-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-rt-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-services-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-tools-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.noarch.rpm\neap7-cxf-xjc-boolean-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-bug986-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-dv-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-runtime-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-ts-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-core-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-envers-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-java8-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-client-hotrod-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-core-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-validator-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-istack-commons-runtime-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm\neap7-istack-commons-tools-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-base-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jberet-core-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-cli-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-core-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-compensations-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jbosstxbridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jbossxts-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jts-idlj-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jts-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-api-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-bridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-util-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-txframework-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-picketlink-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-common-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-config-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-idm-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-idm-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-idm-simple-schema-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-atom-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-cdi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-client-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-client-microprofile-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-crypto-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson2-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxb-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxrs-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jettison-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jose-jwt-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jsapi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-binding-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-p-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-multipart-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-rxjava2-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-spring-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-validator-provider-11-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-yaml-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-server-1.2.4-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk11-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk8-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-javadocs-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-modules-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-yasson-1.0.2-1.redhat_00001.1.el7eap.noarch.rpm\n\nx86_64:\neap7-artemis-native-2.6.3-15.redhat_00020.el7eap.x86_64.rpm\neap7-artemis-native-wildfly-2.6.3-15.redhat_00020.el7eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-11307\nhttps://access.redhat.com/security/cve/CVE-2018-12022\nhttps://access.redhat.com/security/cve/CVE-2018-12023\nhttps://access.redhat.com/security/cve/CVE-2018-14642\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2019-3805\nhttps://access.redhat.com/security/cve/CVE-2019-3894\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNLIE9zjgjWX9erEAQglKw/+JyHe4joco43PeWiW+gtOUi1LmK+vvmA/\ngkH43MSvriK9Skka+B0ZkTDUvIOe12f4be3IOpN3utcEcDHa/FgvsGZDnSSEsqRl\n4W0cPWOFpeGw1NxgeP/wyHl/ccuwmFgXyxOstqx3T93HsVLBteQfjDM/TNbRATPu\nESGwZbdJFWaGHTrYzK2U1z7kvWeG81Qc+nTzD52HT8Gl2Ru8Joy7cYhH2h42vLra\nPMOM5R7EWKINRFlIwPAO4rtvkZh+NfpViMvxcVxoObRue4FuAnoToZiyo50daPQI\n0GSvYcPlUB6eVttOmQuq63j4pypm+p7uEf4gFkOc0n38RaiiRx7TLdAoRwjg/oL+\n9gKnDg1uXOy0UOLiQbYSQXTQiN/5fo5cpGJ2y0VCI/bWcULq4owLrwzGbcRS2kN1\nRB94DglvRUcqbIcC3FIDKA6pUEAqyNL8j4moQfjvmxDHtdkFbWdMVyCPsVnqeRpi\nbXpTDQhsrdIEM6Hvmc16Zoli2vurhhwTOSEh5eBOP6H29UOduZRUA5Bi7QazgdOj\nB+NLXH2088Xy+bTvu9xv5iFBQ47Kp/EEvFr+xqU9sVzggIXpyLgn5G03/GOAKkJ7\nDHVygbhSYgeopJnFD1vD1Xz5cQHwoFwao00DXti3rUi9FbcQR0H/UQSmNq/OujOk\nJr14u9JZfcw=EHUv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004452"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14824"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3894"
      },
      {
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "db": "PACKETSTORM",
        "id": "152779"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3894",
        "trust": 3.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004452",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "152766",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152779",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14824",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1618",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1638",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-108",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3894",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "152764",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "152765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14824"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004452"
      },
      {
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "db": "PACKETSTORM",
        "id": "152779"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3894"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-108"
      }
    ]
  },
  "id": "VAR-201905-0262",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14824"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14824"
      }
    ]
  },
  "last_update_date": "2023-12-18T10:55:07.884000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug 1682108",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3894"
      },
      {
        "title": "RHSA-2019:1106",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1106"
      },
      {
        "title": "RHSA-2019:1107",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1107"
      },
      {
        "title": "RHSA-2019:1108",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1108"
      },
      {
        "title": "RHSA-2019:1140",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1140"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191106 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191107 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191108 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191140 - security advisory"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-3894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004452"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004452"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3894"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://access.redhat.com/errata/rhsa-2019:1106"
      },
      {
        "trust": 2.4,
        "url": "https://access.redhat.com/errata/rhsa-2019:1140"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1108"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1107"
      },
      {
        "trust": 1.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3894"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3894"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3894"
      },
      {
        "trust": 0.6,
        "url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-3894"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152779/red-hat-security-advisory-2019-1140-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/red-hat-jboss-enterprise-application-platform-wildfly-privilege-escalation-via-elytronmanagedthread-29228"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152766/red-hat-security-advisory-2019-1107-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80598"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80514"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14642"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14720"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-12023"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14642"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-14721"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-12022"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-3894"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-11307"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-3805"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
      },
      {
        "trust": 0.3,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3868"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.3"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3868"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14824"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004452"
      },
      {
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "db": "PACKETSTORM",
        "id": "152779"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3894"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-108"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14824"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004452"
      },
      {
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "db": "PACKETSTORM",
        "id": "152779"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3894"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-108"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-14824"
      },
      {
        "date": "2019-05-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3894"
      },
      {
        "date": "2019-06-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004452"
      },
      {
        "date": "2019-05-08T17:45:48",
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "date": "2019-05-08T17:45:55",
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "date": "2019-05-08T17:46:03",
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "date": "2019-05-09T10:21:11",
        "db": "PACKETSTORM",
        "id": "152779"
      },
      {
        "date": "2019-05-03T20:29:01.327000",
        "db": "NVD",
        "id": "CVE-2019-3894"
      },
      {
        "date": "2019-05-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-108"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-14824"
      },
      {
        "date": "2020-10-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3894"
      },
      {
        "date": "2019-06-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004452"
      },
      {
        "date": "2020-10-15T19:50:03.567000",
        "db": "NVD",
        "id": "CVE-2019-3894"
      },
      {
        "date": "2020-10-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-108"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-108"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Wildfly Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004452"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-108"
      }
    ],
    "trust": 0.6
  }
}

var-202003-1771
Vulnerability from variot

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable. Wildfly There is a cryptographic strength vulnerability in.Information may be obtained and tampered with. Red Hat Wildfly is a lightweight open source application server based on JavaEE from American Red Hat (Red Hat) company. The vulnerability stems from the program's failure to implement the'enabled-protocols' setting configured by Wildfly. Attackers can use this vulnerability to obtain information spread on the network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update Advisory ID: RHSA-2020:2512-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:2512 Issue date: 2020-06-10 CVE Names: CVE-2018-14371 CVE-2019-0205 CVE-2019-0210 CVE-2019-10172 CVE-2019-12423 CVE-2019-14887 CVE-2019-17573 CVE-2020-1695 CVE-2020-1729 CVE-2020-1745 CVE-2020-1757 CVE-2020-6950 CVE-2020-7226 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10688 CVE-2020-10719 ==================================================================== 1. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • cxf: reflected XSS in the services listing page (CVE-2019-17573)

  • cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

  • jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  • undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)

  • jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  • jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  • resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  • cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

  • smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)

  • resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

  • jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  • undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

  • jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  • jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  • jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

  • undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

  • libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)

  • libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  • wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)

  • jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)

  • jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

  1. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details about how to apply this update, see:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size

  1. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final JBEAP-18060 - GSS Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001 JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001 JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012 JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final JBEAP-18277 - GSS Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001 JBEAP-18288 - GSS Upgrade FasterXML from 2.10.0 to 2.10.3 JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10 JBEAP-18302 - GSS Upgrade wildfly-http-client from 1.0.18 to 1.0.20 JBEAP-18315 - GSS Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010 JBEAP-18346 - GSS Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002 JBEAP-18352 - GSS Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001 JBEAP-18361 - GSS Upgrade Woodstox from 5.0.3 to 6.0.3 JBEAP-18367 - GSS Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18393 - GSS Update $JBOSS_HOME/docs/schema to show https schema URL instead of http JBEAP-18398 - Tracker bug for the EAP 7.3.1 release for RHEL-7 JBEAP-18409 - GSS Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001 JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001 JBEAP-18596 - GSS Upgrade JBoss Modules from 1.9.1 to 1.10.0 JBEAP-18598 - GSS Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002 JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001 JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001 JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001 JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001 JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001 JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001 JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006 JBEAP-18836 - GSS Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2 JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002 JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0 JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2 JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3 JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3 JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4 JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001 JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002 JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1 JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004 JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001 JBEAP-19117 - GSS Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19133 - GSS Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001 JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001 JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001 JBEAP-19192 - (7.3.z) Update the Japanese translations JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001 JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001 JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final

  1. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  2. References:

https://access.redhat.com/security/cve/CVE-2018-14371 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-14887 https://access.redhat.com/security/cve/CVE-2019-17573 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1729 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10688 https://access.redhat.com/security/cve/CVE-2020-10719 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

  1. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXuHcw9zjgjWX9erEAQh0/w//WCP+lyWNO4PYWG/1MPkiCmf9kc3lABZ/ zn5l0eEXpeV248b6iJ+xq4vgT3+7akvE4u0XOd0yV+dxoLXHGeNoNa5RDeRGFtEJ MbFhSdoOMYJDB14vBcZ6Zwc3lGQX8CrBjACI8mrGOpJIniP4H5dBB+Kb8QhXue82 FhdEppkBiTzMe0t1yWP6pIRgmtLcBGrPG8a5v1R/c8n/1ADIJiXaS8xQGI1x+z17 dJIwoQoF1QacJkDq5AqFHdN8cUqsiqsKNKDbm3B5JR6JEwlMSVGtlrMlxsXX2N9F QMB5LuOOUUfSsm2V1C1PCQ3bBPaXFNJk6upZjeRDQtyP0CxQHASrCgT+kkZAof6F SvflzocaHI/umyATKJkJua3WffJm1YXTGMQSGGgkvUdTxKz6RqAWGN5hOU+oced+ sCYp6gieKvwR4a+ubDfXLoyQ01g1/+f+g5EabKJkVKvsEEFxHPzL4w7cWA6ESG88 DnJ+fgf1tycBJD7Lw7IsmN1ckGWHtY+NzOV6btr+4UC4+qeC9D7b9n7UxSK2gGCE zAMEW88O3RYVB6QofV3Ysx/SHbQrdSfuVVGhzgSDHmYTLRjr31xXaQvFP4QAJS9a bD/W2ZVeN3/nSPduC18i1ZYzDmeP3+A+KS2S4/VWjMs5NSMNlF03RX2KDvegbi9J ULGZnlcYAXQ\xcfE3 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

The References section of this erratum contains a download link (you must log in to download the update).

The JBoss server process must be restarted for the update to take effect

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1771",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wildfly",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2.0"
      },
      {
        "model": "wildfly",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2.5"
      },
      {
        "model": "single sign-on",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "jboss data grid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0.0"
      },
      {
        "model": "wildfly",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2.3"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0.0"
      },
      {
        "model": "openshift application runtimes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "jboss fuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0.0"
      },
      {
        "model": "jboss data grid",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "jboss enterprise application platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "jboss fuse",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "openshift application runtimes",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "single sign-on",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "wildfly",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2.0.ga"
      },
      {
        "model": "wildfly",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2.3.ga"
      },
      {
        "model": "wildfly",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2.5.cr2"
      },
      {
        "model": "ops center common services",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)"
      },
      {
        "model": "hat wildfly",
        "scope": null,
        "trust": 0.6,
        "vendor": "red",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-24683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014948"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14887"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:wildfly:7.2.0:general_availability:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:wildfly:7.2.3:general_availability:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:wildfly:7.2.5:cr2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14887"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158048"
      },
      {
        "db": "PACKETSTORM",
        "id": "156691"
      },
      {
        "db": "PACKETSTORM",
        "id": "156692"
      },
      {
        "db": "PACKETSTORM",
        "id": "156693"
      },
      {
        "db": "PACKETSTORM",
        "id": "156701"
      },
      {
        "db": "PACKETSTORM",
        "id": "158038"
      },
      {
        "db": "PACKETSTORM",
        "id": "156885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-782"
      }
    ],
    "trust": 1.3
  },
  "cve": "CVE-2019-14887",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014948",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-24683",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "secalert@redhat.com",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014948",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-14887",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "secalert@redhat.com",
            "id": "CVE-2019-14887",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014948",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-24683",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-782",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-24683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014948"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-782"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14887"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14887"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A flaw was found when an OpenSSL security provider is used with Wildfly, the \u0027enabled-protocols\u0027 value in the Wildfly configuration isn\u0027t honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable. Wildfly There is a cryptographic strength vulnerability in.Information may be obtained and tampered with. Red Hat Wildfly is a lightweight open source application server based on JavaEE from American Red Hat (Red Hat) company. The vulnerability stems from the program\u0027s failure to implement the\u0027enabled-protocols\u0027 setting configured by Wildfly. Attackers can use this vulnerability to obtain information spread on the network. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update\nAdvisory ID:       RHSA-2020:2512-01\nProduct:           Red Hat JBoss Enterprise Application Platform\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:2512\nIssue date:        2020-06-10\nCVE Names:         CVE-2018-14371 CVE-2019-0205 CVE-2019-0210\n                   CVE-2019-10172 CVE-2019-12423 CVE-2019-14887\n                   CVE-2019-17573 CVE-2020-1695 CVE-2020-1729\n                   CVE-2020-1745 CVE-2020-1757 CVE-2020-6950\n                   CVE-2020-7226 CVE-2020-8840 CVE-2020-9546\n                   CVE-2020-9547 CVE-2020-9548 CVE-2020-10688\n                   CVE-2020-10719\n====================================================================\n1. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.1 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* cxf-core: cxf: OpenId Connect token service does not properly validate\nthe clientId (CVE-2019-12423)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* undertow: servletPath in normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* cryptacular: excessive memory allocation during a decode operation\n(CVE-2020-7226)\n\n* smallrye-config: SmallRye: SecuritySupport class is incorrectly public\nand contains a static method to access the current threads context class\nloader (CVE-2020-1729)\n\n* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected\nXSS attack (CVE-2020-10688)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* libthrift: thrift: Endless loop when feed with specific input data\n(CVE-2019-0205)\n\n* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con\nparameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* jsf-impl: mojarra: Path traversal in\nResourceManager.java:getLocalePrefix() via the loc parameter\n(CVE-2018-14371)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final\nJBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001\nJBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001\nJBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012\nJBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core\nJBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core\nJBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final\nJBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001\nJBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3\nJBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10\nJBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20\nJBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010\nJBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002\nJBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001\nJBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3\nJBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16\nJBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http\nJBEAP-18398 - Tracker bug for the EAP 7.3.1 release for RHEL-7\nJBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001\nJBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final\nJBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001\nJBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0\nJBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002\nJBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001\nJBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001\nJBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final\nJBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001\nJBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001\nJBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001\nJBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001\nJBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006\nJBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2\nJBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002\nJBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0\nJBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2\nJBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3\nJBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3\nJBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4\nJBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final\nJBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001\nJBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002\nJBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1\nJBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004\nJBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001\nJBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001\nJBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001\nJBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001\nJBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001\nJBEAP-19192 - (7.3.z) Update the Japanese translations\nJBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001\nJBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001\nJBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final\n\n7.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14371\nhttps://access.redhat.com/security/cve/CVE-2019-0205\nhttps://access.redhat.com/security/cve/CVE-2019-0210\nhttps://access.redhat.com/security/cve/CVE-2019-10172\nhttps://access.redhat.com/security/cve/CVE-2019-12423\nhttps://access.redhat.com/security/cve/CVE-2019-14887\nhttps://access.redhat.com/security/cve/CVE-2019-17573\nhttps://access.redhat.com/security/cve/CVE-2020-1695\nhttps://access.redhat.com/security/cve/CVE-2020-1729\nhttps://access.redhat.com/security/cve/CVE-2020-1745\nhttps://access.redhat.com/security/cve/CVE-2020-1757\nhttps://access.redhat.com/security/cve/CVE-2020-6950\nhttps://access.redhat.com/security/cve/CVE-2020-7226\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10688\nhttps://access.redhat.com/security/cve/CVE-2020-10719\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXuHcw9zjgjWX9erEAQh0/w//WCP+lyWNO4PYWG/1MPkiCmf9kc3lABZ/\nzn5l0eEXpeV248b6iJ+xq4vgT3+7akvE4u0XOd0yV+dxoLXHGeNoNa5RDeRGFtEJ\nMbFhSdoOMYJDB14vBcZ6Zwc3lGQX8CrBjACI8mrGOpJIniP4H5dBB+Kb8QhXue82\nFhdEppkBiTzMe0t1yWP6pIRgmtLcBGrPG8a5v1R/c8n/1ADIJiXaS8xQGI1x+z17\ndJIwoQoF1QacJkDq5AqFHdN8cUqsiqsKNKDbm3B5JR6JEwlMSVGtlrMlxsXX2N9F\nQMB5LuOOUUfSsm2V1C1PCQ3bBPaXFNJk6upZjeRDQtyP0CxQHASrCgT+kkZAof6F\nSvflzocaHI/umyATKJkJua3WffJm1YXTGMQSGGgkvUdTxKz6RqAWGN5hOU+oced+\nsCYp6gieKvwR4a+ubDfXLoyQ01g1/+f+g5EabKJkVKvsEEFxHPzL4w7cWA6ESG88\nDnJ+fgf1tycBJD7Lw7IsmN1ckGWHtY+NzOV6btr+4UC4+qeC9D7b9n7UxSK2gGCE\nzAMEW88O3RYVB6QofV3Ysx/SHbQrdSfuVVGhzgSDHmYTLRjr31xXaQvFP4QAJS9a\nbD/W2ZVeN3/nSPduC18i1ZYzDmeP3+A+KS2S4/VWjMs5NSMNlF03RX2KDvegbi9J\nULGZnlcYAXQ\\xcfE3\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014948"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-24683"
      },
      {
        "db": "PACKETSTORM",
        "id": "158048"
      },
      {
        "db": "PACKETSTORM",
        "id": "156691"
      },
      {
        "db": "PACKETSTORM",
        "id": "156692"
      },
      {
        "db": "PACKETSTORM",
        "id": "156693"
      },
      {
        "db": "PACKETSTORM",
        "id": "156701"
      },
      {
        "db": "PACKETSTORM",
        "id": "158038"
      },
      {
        "db": "PACKETSTORM",
        "id": "156885"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-14887",
        "trust": 3.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014948",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "158048",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156701",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156885",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-24683",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "163798",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "157859",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "157741",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1024",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2731",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0915",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1052",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1882",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1766",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2050",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2042",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-782",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "156691",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156692",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156693",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158038",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-24683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014948"
      },
      {
        "db": "PACKETSTORM",
        "id": "158048"
      },
      {
        "db": "PACKETSTORM",
        "id": "156691"
      },
      {
        "db": "PACKETSTORM",
        "id": "156692"
      },
      {
        "db": "PACKETSTORM",
        "id": "156693"
      },
      {
        "db": "PACKETSTORM",
        "id": "156701"
      },
      {
        "db": "PACKETSTORM",
        "id": "158038"
      },
      {
        "db": "PACKETSTORM",
        "id": "156885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-782"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14887"
      }
    ]
  },
  "id": "VAR-202003-1771",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-24683"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-24683"
      }
    ]
  },
  "last_update_date": "2024-07-23T22:09:01.387000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2020-125",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-125/index.html"
      },
      {
        "title": "Bug 1772008",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14887"
      },
      {
        "title": "hitachi-sec-2020-125",
        "trust": 0.8,
        "url": "https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-125/index.html"
      },
      {
        "title": "Patch for Red Hat Wildfly encryption problem vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/215315"
      },
      {
        "title": "Red Hat Wildfly Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111917"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-24683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014948"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-782"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-326",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014948"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14887"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
      },
      {
        "trust": 1.6,
        "url": "https://issues.redhat.com/browse/jbeap-17965"
      },
      {
        "trust": 1.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14887"
      },
      {
        "trust": 1.6,
        "url": "https://security.netapp.com/advisory/ntap-20200327-0007/"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14887"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14887"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-0210"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-0205"
      },
      {
        "trust": 0.6,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1882/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157741/red-hat-security-advisory-2020-2067-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2050/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156701/red-hat-security-advisory-2020-0804-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/red-hat-jboss-enterprise-application-platform-three-vulnerabilities-31779"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0915/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158048/red-hat-security-advisory-2020-2512-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156885/red-hat-security-advisory-2020-0962-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2042/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2731"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1052/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1024/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163798/red-hat-security-advisory-2021-3140-01.html"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-12400"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-20445"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-20444"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-10086"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-7238"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-1745"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-6950"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9547"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-10172"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17573"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1695"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9546"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7226"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9548"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1729"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10688"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1757"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-8840"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1729"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7226"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-12423"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10719"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-14371"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2512"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:0811"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:0806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:0805"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:0804"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2515"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:0962"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014948"
      },
      {
        "db": "PACKETSTORM",
        "id": "158048"
      },
      {
        "db": "PACKETSTORM",
        "id": "156691"
      },
      {
        "db": "PACKETSTORM",
        "id": "156692"
      },
      {
        "db": "PACKETSTORM",
        "id": "156693"
      },
      {
        "db": "PACKETSTORM",
        "id": "156701"
      },
      {
        "db": "PACKETSTORM",
        "id": "158038"
      },
      {
        "db": "PACKETSTORM",
        "id": "156885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-782"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14887"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-24683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014948"
      },
      {
        "db": "PACKETSTORM",
        "id": "158048"
      },
      {
        "db": "PACKETSTORM",
        "id": "156691"
      },
      {
        "db": "PACKETSTORM",
        "id": "156692"
      },
      {
        "db": "PACKETSTORM",
        "id": "156693"
      },
      {
        "db": "PACKETSTORM",
        "id": "156701"
      },
      {
        "db": "PACKETSTORM",
        "id": "158038"
      },
      {
        "db": "PACKETSTORM",
        "id": "156885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-782"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14887"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-24683"
      },
      {
        "date": "2020-03-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014948"
      },
      {
        "date": "2020-06-11T16:36:20",
        "db": "PACKETSTORM",
        "id": "158048"
      },
      {
        "date": "2020-03-12T19:47:56",
        "db": "PACKETSTORM",
        "id": "156691"
      },
      {
        "date": "2020-03-12T19:49:17",
        "db": "PACKETSTORM",
        "id": "156692"
      },
      {
        "date": "2020-03-12T19:52:56",
        "db": "PACKETSTORM",
        "id": "156693"
      },
      {
        "date": "2020-03-12T20:12:10",
        "db": "PACKETSTORM",
        "id": "156701"
      },
      {
        "date": "2020-06-11T16:34:25",
        "db": "PACKETSTORM",
        "id": "158038"
      },
      {
        "date": "2020-03-24T15:10:43",
        "db": "PACKETSTORM",
        "id": "156885"
      },
      {
        "date": "2020-03-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-782"
      },
      {
        "date": "2020-03-16T15:15:12.130000",
        "db": "NVD",
        "id": "CVE-2019-14887"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-24683"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014948"
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-782"
      },
      {
        "date": "2021-11-02T18:10:07.537000",
        "db": "NVD",
        "id": "CVE-2019-14887"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-782"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Wildfly Cryptographic strength vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014948"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-782"
      }
    ],
    "trust": 0.6
  }
}

var-201905-0080
Vulnerability from variot

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root. wildfly Contains a race condition vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RedHatWildfly is a JavaEE-based lightweight open source application server from RedHat. A race condition issue vulnerability exists in RedHatWildfly16.0.0.Final and prior versions. The vulnerability stems from the improper handling of concurrent access when the network system or product is running and concurrent code needs to access shared resources mutually exclusive. Redhat Wildfly is prone to a local denial of service vulnerability. An attacker can leverage this issue to cause a denial of service condition. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Installation instructions are available from the Fuse 7.4.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/

The References section of this erratum contains a download link (you must log in to download the update).

The JBoss server process must be restarted for the update to take effect. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library 1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis 1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused

  1. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-14861 - GSS Upgrade JBeret from 1.3.1.Final to 1.3.2.Final JBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7 JBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15568 - GSS Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final JBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12 JBEAP-15622 - GSS Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final JBEAP-15748 - GSS Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001 JBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8 JBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final JBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19 JBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020 JBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2 JBEAP-16037 - GSS Upgrade Narayana from 5.9.0.Final to 5.9.1.Final JBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final JBEAP-16090 - GSS Upgrade jboss-ejb-client from 4.0.12 to 4.0.15 JBEAP-16091 - GSS Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1 JBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8 JBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001 JBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4 JBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2 JBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002 JBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8 JBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final JBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final JBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7 JBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1 JBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final JBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5 JBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final JBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3 JBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001 JBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002 JBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001 JBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final JBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9 JBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001

  1. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  2. Summary:

This is a security update for JBoss EAP Continuous Delivery 18.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Data Grid 7.3.3 security update Advisory ID: RHSA-2020:0727-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:0727 Issue date: 2020-03-05 CVE Names: CVE-2018-14335 CVE-2019-3805 CVE-2019-3888 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518 CVE-2019-10173 CVE-2019-10174 CVE-2019-10184 CVE-2019-10212 CVE-2019-14379 ==================================================================== 1. Summary:

An update for Red Hat Data Grid is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.

This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.

Security Fix(es):

  • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

  • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

  • HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)

  • HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)

  • xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173)

  • infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)

  • jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)

  • h2: Information Exposure due to insecure handling of permissions in the backup (CVE-2018-14335)

  • wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)

  • undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)

  • undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212)

  • undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

To install this update, do the following:

  1. Download the Data Grid 7.3.3 server patch from the customer portal.
  2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
  3. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes for patching instructions.
  4. Restart Data Grid to ensure the changes take effect.

  5. Bugs fixed (https://bugzilla.redhat.com/):

1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) 1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution

  1. References:

https://access.redhat.com/security/cve/CVE-2018-14335 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3888 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/cve/CVE-2019-10173 https://access.redhat.com/security/cve/CVE-2019-10174 https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-10212 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\xdata.grid&downloadType=patches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69 a5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ PaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe QJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t RMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD sG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym I+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT yyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX K5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v s//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva mS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9 S7B2VoNOQj4=zoia -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0080",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0.0"
      },
      {
        "model": "wildfly",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "16.0.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "wildfly",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "16.0.0"
      },
      {
        "model": "hat wildfly \u003c=16.0.0.final",
        "scope": null,
        "trust": 0.6,
        "vendor": "red",
        "version": null
      },
      {
        "model": "wildfly",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "0"
      },
      {
        "model": "jboss eap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "70"
      },
      {
        "model": "jboss eap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14823"
      },
      {
        "db": "BID",
        "id": "108115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003857"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3805"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "16.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3805"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "153980"
      },
      {
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "db": "PACKETSTORM",
        "id": "158095"
      },
      {
        "db": "PACKETSTORM",
        "id": "156628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-107"
      }
    ],
    "trust": 1.2
  },
  "cve": "CVE-2019-3805",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.7,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.4,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 4.7,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-3805",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.7,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.4,
            "id": "CNVD-2019-14823",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.0,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "secalert@redhat.com",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 4.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-3805",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3805",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "secalert@redhat.com",
            "id": "CVE-2019-3805",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-14823",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-107",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-3805",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3805"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-107"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3805"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3805"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root. wildfly Contains a race condition vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RedHatWildfly is a JavaEE-based lightweight open source application server from RedHat. A race condition issue vulnerability exists in RedHatWildfly16.0.0.Final and prior versions. The vulnerability stems from the improper handling of concurrent access when the network system or product is running and concurrent code needs to access shared resources mutually exclusive. Redhat Wildfly is prone to a local denial of service vulnerability. \nAn attacker can leverage this issue to cause a denial of service condition. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.4.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/\n\n4. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer\n1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver\n1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library\n1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis\n1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-14861 - [GSS](7.2.z) Upgrade JBeret from 1.3.1.Final to 1.3.2.Final\nJBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7\nJBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15568 - [GSS](7.2.z) Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final\nJBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12\nJBEAP-15622 - [GSS](7.2.z) Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final\nJBEAP-15748 - [GSS](7.2.z) Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001\nJBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8\nJBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final\nJBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19\nJBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020\nJBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2\nJBEAP-16037 - [GSS](7.2.z) Upgrade Narayana from 5.9.0.Final to 5.9.1.Final\nJBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final\nJBEAP-16090 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.12 to 4.0.15\nJBEAP-16091 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1\nJBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8\nJBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001\nJBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4\nJBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2\nJBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002\nJBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8\nJBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final\nJBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final\nJBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7\nJBEAP-16259 -  (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1\nJBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final\nJBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5\nJBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final\nJBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3\nJBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001\nJBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002\nJBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001\nJBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final\nJBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9\nJBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001\n\n7.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 18.0. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat Data Grid 7.3.3 security update\nAdvisory ID:       RHSA-2020:0727-01\nProduct:           Red Hat JBoss Data Grid\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:0727\nIssue date:        2020-03-05\nCVE Names:         CVE-2018-14335 CVE-2019-3805 CVE-2019-3888\n                   CVE-2019-9512 CVE-2019-9514 CVE-2019-9515\n                   CVE-2019-9518 CVE-2019-10173 CVE-2019-10174\n                   CVE-2019-10184 CVE-2019-10212 CVE-2019-14379\n====================================================================\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat\nData Grid 7.3.2 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. \n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\n* xstream: remote code execution due to insecure XML deserialization\n(regression of  CVE-2013-7285) (CVE-2019-10173)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to\ninvoke private methods (CVE-2019-10174)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* h2: Information Exposure due to insecure handling of permissions in the\nbackup (CVE-2018-14335)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary\nprocesses by local users (CVE-2019-3805)\n\n* undertow: leak credentials to log files\nUndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* undertow: DEBUG log for io.undertow.request.security if enabled leaks\ncredentials to log files (CVE-2019-10212)\n\n* undertow: Information leak in requests for directories without trailing\nslashes (CVE-2019-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.3 server patch from the customer portal. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup\n1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of  CVE-2013-7285)\n1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14335\nhttps://access.redhat.com/security/cve/CVE-2019-3805\nhttps://access.redhat.com/security/cve/CVE-2019-3888\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-9518\nhttps://access.redhat.com/security/cve/CVE-2019-10173\nhttps://access.redhat.com/security/cve/CVE-2019-10174\nhttps://access.redhat.com/security/cve/CVE-2019-10184\nhttps://access.redhat.com/security/cve/CVE-2019-10212\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\\xdata.grid\u0026downloadType=patches\u0026version=7.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69\na5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ\nPaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe\nQJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t\nRMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD\nsG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym\nI+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT\nyyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX\nK5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v\ns//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva\nmS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9\nS7B2VoNOQj4=zoia\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3805"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003857"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14823"
      },
      {
        "db": "BID",
        "id": "108115"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3805"
      },
      {
        "db": "PACKETSTORM",
        "id": "153980"
      },
      {
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "db": "PACKETSTORM",
        "id": "158095"
      },
      {
        "db": "PACKETSTORM",
        "id": "156628"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3805",
        "trust": 4.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003857",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "152766",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158095",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156628",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14823",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1618",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2071",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1638",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0832",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "152779",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-107",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "108115",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3805",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "153980",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "152764",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "152765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3805"
      },
      {
        "db": "BID",
        "id": "108115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003857"
      },
      {
        "db": "PACKETSTORM",
        "id": "153980"
      },
      {
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "db": "PACKETSTORM",
        "id": "158095"
      },
      {
        "db": "PACKETSTORM",
        "id": "156628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-107"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3805"
      }
    ]
  },
  "id": "VAR-201905-0080",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14823"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14823"
      }
    ]
  },
  "last_update_date": "2024-07-23T19:54:24.312000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug 1660263",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3805"
      },
      {
        "title": "RHSA-2019:1106",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1106"
      },
      {
        "title": "RHSA-2019:1107",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1107"
      },
      {
        "title": "RHSA-2019:1108",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1108"
      },
      {
        "title": "RHSA-2019:1140",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1140"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191108 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Fuse 7.4.0 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192413 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191107 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191106 - security advisory"
      },
      {
        "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202565 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191140 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Data Grid 7.3.3 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200727 - security advisory"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-3805"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003857"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-362",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003857"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3805"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://access.redhat.com/errata/rhsa-2019:1106"
      },
      {
        "trust": 2.4,
        "url": "https://access.redhat.com/errata/rhsa-2019:2413"
      },
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:1140"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1108"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1107"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2020:0727"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3805"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2019-3805"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3805"
      },
      {
        "trust": 0.6,
        "url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-3805"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2071/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152779/red-hat-security-advisory-2019-1140-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/red-hat-jboss-enterprise-application-platform-wildfly-privilege-escalation-29227"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152766/red-hat-security-advisory-2019-1107-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80598"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80514"
      },
      {
        "trust": 0.3,
        "url": "http://wildfly.org/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660263"
      },
      {
        "trust": 0.3,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14642"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-14720"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-12023"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-14642"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-14721"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-12022"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-3894"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-11307"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3894"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9512"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9514"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9515"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/269.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.4.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1320"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10899"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0192"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-8088"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10899"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1320"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-10750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15758"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8088"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0192"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-15758"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9511"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14335"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10184"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10173"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=patches\u0026version=7.3"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3888"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9518"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10212"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10212"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10174"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14335"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14379"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3805"
      },
      {
        "db": "BID",
        "id": "108115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003857"
      },
      {
        "db": "PACKETSTORM",
        "id": "153980"
      },
      {
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "db": "PACKETSTORM",
        "id": "158095"
      },
      {
        "db": "PACKETSTORM",
        "id": "156628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-107"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3805"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14823"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3805"
      },
      {
        "db": "BID",
        "id": "108115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003857"
      },
      {
        "db": "PACKETSTORM",
        "id": "153980"
      },
      {
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "db": "PACKETSTORM",
        "id": "158095"
      },
      {
        "db": "PACKETSTORM",
        "id": "156628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-107"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3805"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-14823"
      },
      {
        "date": "2019-05-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3805"
      },
      {
        "date": "2018-12-18T00:00:00",
        "db": "BID",
        "id": "108115"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003857"
      },
      {
        "date": "2019-08-08T14:34:03",
        "db": "PACKETSTORM",
        "id": "153980"
      },
      {
        "date": "2019-05-08T17:45:48",
        "db": "PACKETSTORM",
        "id": "152764"
      },
      {
        "date": "2019-05-08T17:45:55",
        "db": "PACKETSTORM",
        "id": "152765"
      },
      {
        "date": "2019-05-08T17:46:03",
        "db": "PACKETSTORM",
        "id": "152766"
      },
      {
        "date": "2020-06-16T00:54:44",
        "db": "PACKETSTORM",
        "id": "158095"
      },
      {
        "date": "2020-03-05T14:41:17",
        "db": "PACKETSTORM",
        "id": "156628"
      },
      {
        "date": "2019-05-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-107"
      },
      {
        "date": "2019-05-03T20:29:01.263000",
        "db": "NVD",
        "id": "CVE-2019-3805"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-14823"
      },
      {
        "date": "2020-10-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3805"
      },
      {
        "date": "2018-12-18T00:00:00",
        "db": "BID",
        "id": "108115"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003857"
      },
      {
        "date": "2020-10-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-107"
      },
      {
        "date": "2020-10-16T16:04:34.210000",
        "db": "NVD",
        "id": "CVE-2019-3805"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "108115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-107"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "wildfly Race condition vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003857"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-107"
      }
    ],
    "trust": 0.6
  }
}

var-202005-1054
Vulnerability from variot

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. dom4j To XML There is a vulnerability in an external entity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. dom4j is an open source framework for processing XML. A code issue vulnerability exists in dom4j versions prior to 2.0.3 and 2.1.x versions prior to 2.1.3. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3461-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3461 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 =====================================================================

  1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch

  1. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

  • dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

  • wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

  • wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)

  • jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)

  • hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

  • wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

  • jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)

  • undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

  • hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)

  • wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)

  • wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

  1. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details about how to apply this update, see:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

  1. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-18793 - GSS Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - GSS Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - GSS Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - GSS Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - GSS Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - GSS Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001

  1. Package List:

Red Hat JBoss EAP 7.3 for RHEL 6 Server:

Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.src.rpm eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.src.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.src.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.src.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el6eap.src.rpm

noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh MpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF QCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5 HN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN JhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB 9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz DE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z sbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg 3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT nruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7 Lvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn Bk4PSTq9yaw= =ZNiG -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Summary:

This is a security update for JBoss EAP Continuous Delivery 20.

The References section of this erratum contains a download link (you must log in to download the update).

The JBoss server process must be restarted for the update to take effect

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202005-1054",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.2.0"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "banking platform",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.10.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.0"
      },
      {
        "model": "business process management suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.2.4"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.2.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.2.4"
      },
      {
        "model": "utilities framework",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.0.1.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.1.0.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.4.0.2.0"
      },
      {
        "model": "flexcube core banking",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.8.0"
      },
      {
        "model": "dom4j",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dom4j",
        "version": "2.1.0"
      },
      {
        "model": "data integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "endeca information discovery integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.2.0.2.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "snapmanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "documaker",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.6.0"
      },
      {
        "model": "webcenter portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "snap creator framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.0"
      },
      {
        "model": "snapcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12.17.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12.6.0"
      },
      {
        "model": "webcenter portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.2.0.0.0"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "dom4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dom4j",
        "version": "2.1.3"
      },
      {
        "model": "health sciences empirica signal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "business process management suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.0.2"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.0.2"
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.4.0.0.0"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.3.5"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.6"
      },
      {
        "model": "communications application session controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.9m0p1"
      },
      {
        "model": "retail price management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0.3"
      },
      {
        "model": "rapid planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8.19.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.4"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.1"
      },
      {
        "model": "dom4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dom4j",
        "version": "2.0.3"
      },
      {
        "model": "banking platform",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.4.0"
      },
      {
        "model": "retail price management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3.0"
      },
      {
        "model": "oncommand api services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.3.3"
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.1.0.0"
      },
      {
        "model": "flexcube core banking",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.9.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12.0.0"
      },
      {
        "model": "webcenter portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "retail price management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3.0"
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "retail price management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.2.20.1"
      },
      {
        "model": "rapid planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.0.4"
      },
      {
        "model": "documaker",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.6.4"
      },
      {
        "model": "data integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.1.0.0"
      },
      {
        "model": "utilities framework",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.0.6.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.2.0.3.0"
      },
      {
        "model": "enterprise data quality",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "flexcube core banking",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.7.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.0.3"
      },
      {
        "model": "flexcube core banking",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.10.0"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0"
      },
      {
        "model": "application testing suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "storagetek tape analytics sw tool",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.3"
      },
      {
        "model": "enterprise data quality",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.6"
      },
      {
        "model": "dom4j",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dom4j",
        "version": "2.1.3"
      },
      {
        "model": "decision manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "jboss enterprise application platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "jboss enterprise application platform continuous delivery",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "process automation",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "jboss fuse",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "software collections",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "single sign-on",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004997"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10683"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.3",
                "versionStartIncluding": "2.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.0",
                "versionStartIncluding": "8.0.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12.17.1",
                "versionStartIncluding": "17.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "16.2.20.1",
                "versionStartIncluding": "16.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "18.8.19.0",
                "versionStartIncluding": "18.1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "19.12.6.0",
                "versionStartIncluding": "19.12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.0.6.0",
                "versionStartIncluding": "4.3.0.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:11.1.1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.10.0",
                "versionStartIncluding": "2.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.0",
                "versionStartIncluding": "11.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.6.4",
                "versionStartIncluding": "12.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.0",
                "versionStartIncluding": "11.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-10683"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160562"
      },
      {
        "db": "PACKETSTORM",
        "id": "158884"
      },
      {
        "db": "PACKETSTORM",
        "id": "159015"
      },
      {
        "db": "PACKETSTORM",
        "id": "158891"
      },
      {
        "db": "PACKETSTORM",
        "id": "159080"
      },
      {
        "db": "PACKETSTORM",
        "id": "158881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1133"
      }
    ],
    "trust": 1.2
  },
  "cve": "CVE-2020-10683",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004997",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-163186",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-10683",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004997",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-10683",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004997",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-1133",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-163186",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-10683",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163186"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1133"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10683"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. dom4j To XML There is a vulnerability in an external entity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. dom4j is an open source framework for processing XML. A code issue vulnerability exists in dom4j versions prior to 2.0.3 and 2.1.x versions prior to 2.1.3. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.8.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update\nAdvisory ID:       RHSA-2020:3461-01\nProduct:           Red Hat JBoss Enterprise Application Platform\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:3461\nIssue date:        2020-08-17\nCVE Names:         CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 \n                   CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 \n                   CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 \n                   CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.2 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n(CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser\n(CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to\npermitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM\n(CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n(CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230\n(CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial\nof Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17\nJBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21\nJBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final\nJBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final\nJBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m\nJBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x\nJBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final\nJBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1\nJBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001\nJBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001\nJBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6\nJBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. \nJBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001\nJBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6\nJBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001\nJBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001\nJBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final\nJBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final\nJBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001\n\n7. Package List:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server:\n\nSource:\neap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.src.rpm\neap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.src.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.src.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.src.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.src.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.src.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.src.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el6eap.src.rpm\n\nnoarch:\neap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.noarch.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.noarch.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-netty-all-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14900\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10683\nhttps://access.redhat.com/security/cve/CVE-2020-10687\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10718\nhttps://access.redhat.com/security/cve/CVE-2020-10740\nhttps://access.redhat.com/security/cve/CVE-2020-14297\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh\nMpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF\nQCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5\nHN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN\nJhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB\n9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz\nDE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z\nsbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg\n3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT\nnruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7\nLvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn\nBk4PSTq9yaw=\n=ZNiG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 20. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-10683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004997"
      },
      {
        "db": "VULHUB",
        "id": "VHN-163186"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10683"
      },
      {
        "db": "PACKETSTORM",
        "id": "160562"
      },
      {
        "db": "PACKETSTORM",
        "id": "158884"
      },
      {
        "db": "PACKETSTORM",
        "id": "159015"
      },
      {
        "db": "PACKETSTORM",
        "id": "158891"
      },
      {
        "db": "PACKETSTORM",
        "id": "159080"
      },
      {
        "db": "PACKETSTORM",
        "id": "158881"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-163186",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163186"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-10683",
        "trust": 3.2
      },
      {
        "db": "PACKETSTORM",
        "id": "160562",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "158891",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159015",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004997",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1133",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159083",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159921",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158916",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159544",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2837",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4464",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2087",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2826",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1581",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3781",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3894",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2992",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3742",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3513",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3065",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042542",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072165",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072096",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042642",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072747",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "47453",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "158881",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159080",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "158884",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159081",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158889",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159924",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159082",
        "trust": 0.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-33467",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-163186",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10683",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163186"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004997"
      },
      {
        "db": "PACKETSTORM",
        "id": "160562"
      },
      {
        "db": "PACKETSTORM",
        "id": "158884"
      },
      {
        "db": "PACKETSTORM",
        "id": "159015"
      },
      {
        "db": "PACKETSTORM",
        "id": "158891"
      },
      {
        "db": "PACKETSTORM",
        "id": "159080"
      },
      {
        "db": "PACKETSTORM",
        "id": "158881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1133"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10683"
      }
    ]
  },
  "id": "VAR-202005-1054",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163186"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T22:03:49.580000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAXReader uses system default XMLReader with its defaults. New factory method SAXReader.createDefault() sets more secure defaults.",
        "trust": 0.8,
        "url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
      },
      {
        "title": "version-2.1.3",
        "trust": 0.8,
        "url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
      },
      {
        "title": "Bug 1694235",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
      },
      {
        "title": "dom4j Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=116859"
      },
      {
        "title": "Debian CVElist Bug Report Logs: dom4j: CVE-2020-10683: XML External Entity vulnerability in default SAX parser",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=92018ce9305762cd7f6c51b2cc808332"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Decision Manager 7.9.0 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204960 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Process Automation Manager 7.9.0 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204961 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203463 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203461 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203462 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203464 - security advisory"
      },
      {
        "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 20 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203585 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Single Sign-On 7.4.2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203501 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203637 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203639 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203642 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203638 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Fuse 7.8.0 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205568 - security advisory"
      },
      {
        "title": "PHunter",
        "trust": 0.1,
        "url": "https://github.com/anonymous-phunter/phunter "
      },
      {
        "title": "PHunter",
        "trust": 0.1,
        "url": "https://github.com/cgcl-codes/phunter "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-10683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1133"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-611",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163186"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004997"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10683"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
      },
      {
        "trust": 1.8,
        "url": "https://cheatsheetseries.owasp.org/cheatsheets/xml_external_entity_prevention_cheat_sheet.html"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/dom4j/dom4j/issues/87"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
      },
      {
        "trust": 1.8,
        "url": "https://usn.ubuntu.com/4575-1/"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10683"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3cdev.velocity.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3cdev.velocity.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3cnotifications.freemarker.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10683"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3cnotifications.freemarker.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3cdev.velocity.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3cdev.velocity.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-14900"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-10740"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3513/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3781"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160562/red-hat-security-advisory-2020-5568-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072096"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2992/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159544/ubuntu-security-notice-usn-4575-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4464/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2087/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072165"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159921/red-hat-security-advisory-2020-4960-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2837/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6525182"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47453"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3894/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1581/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletinibm-resilient-soar-is-using-components-with-known-vulnerabilities-dom4j-cve-2020-10683/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042542"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072747"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042642"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2826/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/dom4j-external-xml-entity-injection-via-saxreader-32161"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-dom4j-as-used-by-ibm-qradar-siem-contains-multiple-vulnerabilities-cve-2018-1000632-cve-2020-10683/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3742/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3065/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-10714"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-10673"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
      },
      {
        "trust": 0.4,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-10672"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-14297"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-10693"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-10687"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-1710"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-10718"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-1748"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1719"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-11612"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-6950"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14307"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/611.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.8.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11973"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11972"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-2692"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9488"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000873"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11989"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13990"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11972"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1950"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12406"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11989"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11980"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1960"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1393"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11971"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1000873"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7226"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9489"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14326"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13692"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0210"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10202"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10202"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3773"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13692"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11994"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10219"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11973"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1714"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-5398"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11777"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13933"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12423"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3774"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17638"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17638"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2692"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11994"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11971"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19343"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5568"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3773"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0205"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11777"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3461"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10172"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3585"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xeap-cd\u0026version"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1954"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14371"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1954"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3463"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3639"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9547"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1695"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9546"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9548"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3464"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163186"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004997"
      },
      {
        "db": "PACKETSTORM",
        "id": "160562"
      },
      {
        "db": "PACKETSTORM",
        "id": "158884"
      },
      {
        "db": "PACKETSTORM",
        "id": "159015"
      },
      {
        "db": "PACKETSTORM",
        "id": "158891"
      },
      {
        "db": "PACKETSTORM",
        "id": "159080"
      },
      {
        "db": "PACKETSTORM",
        "id": "158881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1133"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10683"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-163186"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004997"
      },
      {
        "db": "PACKETSTORM",
        "id": "160562"
      },
      {
        "db": "PACKETSTORM",
        "id": "158884"
      },
      {
        "db": "PACKETSTORM",
        "id": "159015"
      },
      {
        "db": "PACKETSTORM",
        "id": "158891"
      },
      {
        "db": "PACKETSTORM",
        "id": "159080"
      },
      {
        "db": "PACKETSTORM",
        "id": "158881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1133"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10683"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-163186"
      },
      {
        "date": "2020-05-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-10683"
      },
      {
        "date": "2020-06-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004997"
      },
      {
        "date": "2020-12-16T18:17:52",
        "db": "PACKETSTORM",
        "id": "160562"
      },
      {
        "date": "2020-08-17T17:34:41",
        "db": "PACKETSTORM",
        "id": "158884"
      },
      {
        "date": "2020-08-31T16:22:15",
        "db": "PACKETSTORM",
        "id": "159015"
      },
      {
        "date": "2020-08-17T17:43:22",
        "db": "PACKETSTORM",
        "id": "158891"
      },
      {
        "date": "2020-09-07T16:37:51",
        "db": "PACKETSTORM",
        "id": "159080"
      },
      {
        "date": "2020-08-17T15:35:45",
        "db": "PACKETSTORM",
        "id": "158881"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1133"
      },
      {
        "date": "2020-05-01T19:15:12.927000",
        "db": "NVD",
        "id": "CVE-2020-10683"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-163186"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-10683"
      },
      {
        "date": "2020-06-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004997"
      },
      {
        "date": "2023-07-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1133"
      },
      {
        "date": "2023-11-07T03:14:11.907000",
        "db": "NVD",
        "id": "CVE-2020-10683"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160562"
      },
      {
        "db": "PACKETSTORM",
        "id": "158884"
      },
      {
        "db": "PACKETSTORM",
        "id": "159015"
      },
      {
        "db": "PACKETSTORM",
        "id": "158891"
      },
      {
        "db": "PACKETSTORM",
        "id": "159080"
      },
      {
        "db": "PACKETSTORM",
        "id": "158881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1133"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "dom4j In  XML External entity vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004997"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1133"
      }
    ],
    "trust": 0.6
  }
}

var-201907-1547
Vulnerability from variot

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api. RedHatUndertow is a Java-based embedded Web server from RedHat, Inc., and is the default web server for Wildfly (Java Application Server). The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6 Advisory ID: RHSA-2019:3044-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2019:3044 Issue date: 2019-10-14 CVE Names: CVE-2019-10184 CVE-2019-12086 CVE-2019-12814 CVE-2019-14379 CVE-2019-14820 CVE-2019-14832 =====================================================================

  1. Summary:

New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Single Sign-On 7.3 for RHEL 6 Server - noarch

  1. Description:

Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.3.4 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • keycloak: cross-realm user access auth bypass (CVE-2019-14832)

  • keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)

  • jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814)

  • jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)

  • jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086)

  • undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass

  1. JIRA issues fixed (https://issues.jboss.org/):

KEYCLOAK-11454 - Tracker bug for the RH-SSO 7.3.4 release for RHEL7

  1. Package List:

Red Hat Single Sign-On 7.3 for RHEL 6 Server:

Source: rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.src.rpm

noarch: rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm rh-sso7-keycloak-server-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-12086 https://access.redhat.com/security/cve/CVE-2019-12814 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2019-14820 https://access.redhat.com/security/cve/CVE-2019-14832 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXaS+r9zjgjWX9erEAQizTBAAmTcTk3Q7rVco9Xx4dWdTBrNeB3cKhnoj Fhkwvdoo4MVgaDWv2P9h9/JFoaCvgw6ZP2ZBbwB0wXq2+F70GFexx/nP44TlL3Kg JBAjCLvYT24Ahtxg9U6bmZwi1++fogj9TfJcC1C7k+TZHvoz3W+BCIO3OFWC2xYb mkT943QgXEALZ+KjAZqG0fE3RvH28zZy1RQO5x0Vb+qr6KTTzEF/VvtQFOiKVtok qyKa+59Ddzr/YLy+QPN4+tOMWNbGJhUnarssUVodgc/1OAEGJLPGB7iez9ekwTNf AzRL9nrMUI+DYs2pz/Cks9aban3uWmjXCn4OxfyBS2vJKiwXIxpHOh8Zfl9NlB7e X2NMGeU34Dem1ofhTErZCDbpkCUHYuiTgaJ53JoWAzVfX3gGb44GFDxN7kQ2DG6q lScmZjNPtI2GJ0h+4L6ViSHOhNOpTSHlfaMsatC4kE50qjNagGC2jcgS9mmYwclX gLuLa+RlbMeZSYSVb4pl2rkKvwdR5tbrLBfznoeT46UPHKT+1Yyd28jlClTNBMoP qroivgayFrYkC/oj0ud0V3POKyxpdZS1rf7GZrwN+etESHn9RZwnzsj413fQtIaw xP5xCmpqGCbBe2JZRLizd+voOn1oZbZSNYpZfGfghQHZ9IuKrECqJ8KQhv5yx2GD cxVVfwDI8os= =akLu -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

The References section of this erratum contains a download link (you must log in to download the update).

The JBoss server process must be restarted for the update to take effect. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-16455 - GSS Upgrade Infinispan from 9.3.6 to 9.3.7 JBEAP-16779 - GSS Upgrade Hibernate ORM from 5.3.10 to 5.3.11 JBEAP-17045 - GSS Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002 JBEAP-17062 - GSS Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005 JBEAP-17073 - GSS Upgrade jboss-ejb-client from 4.0.20 to 4.0.23 JBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001 JBEAP-17112 - GSS Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1 JBEAP-17142 - Tracker bug for the EAP 7.2.4 release for RHEL-6 JBEAP-17162 - GSS Upgrade jgroups from 4.0.19 to 4.0.20 JBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final JBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17223 - GSS Upgrade WildFly Core from 6.0.15 to 6.0.16 JBEAP-17238 - GSS Upgrade HAL from 3.0.13 to 3.0.16 JBEAP-17250 - GSS Upgrade JBoss MSC from 1.4.5 to 1.4.8 JBEAP-17271 - GSS Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001 JBEAP-17273 - GSS Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001 JBEAP-17274 - GSS Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001 JBEAP-17276 - GSS Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001 JBEAP-17277 - GSS Upgrade Undertow from 2.0.22 to 2.0.25.SP1 JBEAP-17278 - GSS Upgrade JBoss Marshalling from 2.0.7 to 2.0.9 JBEAP-17294 - GSS Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002 JBEAP-17311 - GSS Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001 JBEAP-17320 - GSS Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004 JBEAP-17321 - GSS Upgrade Narayana from 5.9.3.Final to 5.9.6.Final JBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final JBEAP-17527 - GSS Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1

Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/

4

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1547",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jboss data grid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "single sign-on",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openshift application runtimes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "single sign-on",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "undertow",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0.23"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "single sign-on",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0.0"
      },
      {
        "model": "openshift application runtimes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "1.0"
      },
      {
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "jboss enterprise application platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "openshift application runtimes",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "single sign-on",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "undertow",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.0.23"
      },
      {
        "model": "hat red hat undertow \u003c2.0.23.final",
        "scope": null,
        "trust": 0.6,
        "vendor": "red",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-24570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007209"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10184"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.23",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_application_runtimes:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10184"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154845"
      },
      {
        "db": "PACKETSTORM",
        "id": "154843"
      },
      {
        "db": "PACKETSTORM",
        "id": "154687"
      },
      {
        "db": "PACKETSTORM",
        "id": "154850"
      },
      {
        "db": "PACKETSTORM",
        "id": "154672"
      },
      {
        "db": "PACKETSTORM",
        "id": "154793"
      },
      {
        "db": "PACKETSTORM",
        "id": "156941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1345"
      }
    ],
    "trust": 1.3
  },
  "cve": "CVE-2019-10184",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-10184",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-24570",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "secalert@redhat.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-10184",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-10184",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "secalert@redhat.com",
            "id": "CVE-2019-10184",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-24570",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-1345",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-24570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1345"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10184"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10184"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api. RedHatUndertow is a Java-based embedded Web server from RedHat, Inc., and is the default web server for Wildfly (Java Application Server). The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6\nAdvisory ID:       RHSA-2019:3044-01\nProduct:           Red Hat Single Sign-On\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:3044\nIssue date:        2019-10-14\nCVE Names:         CVE-2019-10184 CVE-2019-12086 CVE-2019-12814 \n                   CVE-2019-14379 CVE-2019-14820 CVE-2019-14832 \n=====================================================================\n\n1. Summary:\n\nNew Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat\nEnterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Single Sign-On 7.3 for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. \n\nThis release of Red Hat Single Sign-On 7.3.4 on RHEL 6 serves as a\nreplacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and\nenhancements, which are documented in the Release Notes document linked to\nin the References. \n\nSecurity Fix(es):\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server via crafted JSON message\n(CVE-2019-12814)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server (CVE-2019-12086)\n\n* undertow: Information leak in requests for directories without trailing\nslashes (CVE-2019-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. \n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. \n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nKEYCLOAK-11454 - Tracker bug for the RH-SSO 7.3.4 release for RHEL7\n\n7. Package List:\n\nRed Hat Single Sign-On 7.3 for RHEL 6 Server:\n\nSource:\nrh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.src.rpm\n\nnoarch:\nrh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm\nrh-sso7-keycloak-server-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-10184\nhttps://access.redhat.com/security/cve/CVE-2019-12086\nhttps://access.redhat.com/security/cve/CVE-2019-12814\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2019-14820\nhttps://access.redhat.com/security/cve/CVE-2019-14832\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXaS+r9zjgjWX9erEAQizTBAAmTcTk3Q7rVco9Xx4dWdTBrNeB3cKhnoj\nFhkwvdoo4MVgaDWv2P9h9/JFoaCvgw6ZP2ZBbwB0wXq2+F70GFexx/nP44TlL3Kg\nJBAjCLvYT24Ahtxg9U6bmZwi1++fogj9TfJcC1C7k+TZHvoz3W+BCIO3OFWC2xYb\nmkT943QgXEALZ+KjAZqG0fE3RvH28zZy1RQO5x0Vb+qr6KTTzEF/VvtQFOiKVtok\nqyKa+59Ddzr/YLy+QPN4+tOMWNbGJhUnarssUVodgc/1OAEGJLPGB7iez9ekwTNf\nAzRL9nrMUI+DYs2pz/Cks9aban3uWmjXCn4OxfyBS2vJKiwXIxpHOh8Zfl9NlB7e\nX2NMGeU34Dem1ofhTErZCDbpkCUHYuiTgaJ53JoWAzVfX3gGb44GFDxN7kQ2DG6q\nlScmZjNPtI2GJ0h+4L6ViSHOhNOpTSHlfaMsatC4kE50qjNagGC2jcgS9mmYwclX\ngLuLa+RlbMeZSYSVb4pl2rkKvwdR5tbrLBfznoeT46UPHKT+1Yyd28jlClTNBMoP\nqroivgayFrYkC/oj0ud0V3POKyxpdZS1rf7GZrwN+etESHn9RZwnzsj413fQtIaw\nxP5xCmpqGCbBe2JZRLizd+voOn1oZbZSNYpZfGfghQHZ9IuKrECqJ8KQhv5yx2GD\ncxVVfwDI8os=\n=akLu\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-16455 - [GSS](7.2.z) Upgrade Infinispan from 9.3.6 to 9.3.7\nJBEAP-16779 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.10 to 5.3.11\nJBEAP-17045 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002\nJBEAP-17062 - [GSS](7.2.z) Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005\nJBEAP-17073 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.20 to 4.0.23\nJBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001\nJBEAP-17112 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1\nJBEAP-17142 - Tracker bug for the EAP 7.2.4 release for RHEL-6\nJBEAP-17162 - [GSS](7.2.z) Upgrade jgroups from 4.0.19 to 4.0.20\nJBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final\nJBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007\nJBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007\nJBEAP-17223 - [GSS](7.2.z) Upgrade WildFly Core from 6.0.15 to 6.0.16\nJBEAP-17238 - [GSS](7.2.z) Upgrade HAL from 3.0.13 to 3.0.16\nJBEAP-17250 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.5 to 1.4.8\nJBEAP-17271 - [GSS](7.2.z) Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001\nJBEAP-17273 - [GSS](7.2.z) Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001\nJBEAP-17274 - [GSS](7.2.z) Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001\nJBEAP-17276 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001\nJBEAP-17277 - [GSS](7.2.z) Upgrade Undertow from 2.0.22 to 2.0.25.SP1\nJBEAP-17278 - [GSS](7.2.z) Upgrade JBoss Marshalling from 2.0.7 to 2.0.9\nJBEAP-17294 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002\nJBEAP-17311 - [GSS](7.2.z) Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001\nJBEAP-17320 - [GSS](7.2.z) Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004\nJBEAP-17321 - [GSS](7.2.z) Upgrade Narayana from 5.9.3.Final to 5.9.6.Final\nJBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final\nJBEAP-17527 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1\n\n7. \n\nInstallation instructions are available from the Fuse 7.6.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/\n\n4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007209"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-24570"
      },
      {
        "db": "PACKETSTORM",
        "id": "154845"
      },
      {
        "db": "PACKETSTORM",
        "id": "154843"
      },
      {
        "db": "PACKETSTORM",
        "id": "154687"
      },
      {
        "db": "PACKETSTORM",
        "id": "154850"
      },
      {
        "db": "PACKETSTORM",
        "id": "154672"
      },
      {
        "db": "PACKETSTORM",
        "id": "154793"
      },
      {
        "db": "PACKETSTORM",
        "id": "156941"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-10184",
        "trust": 3.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007209",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "154793",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156941",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-24570",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "156628",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "154665",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3672",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1076",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3805",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0832",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1345",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "154845",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154843",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154687",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154850",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154672",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-24570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007209"
      },
      {
        "db": "PACKETSTORM",
        "id": "154845"
      },
      {
        "db": "PACKETSTORM",
        "id": "154843"
      },
      {
        "db": "PACKETSTORM",
        "id": "154687"
      },
      {
        "db": "PACKETSTORM",
        "id": "154850"
      },
      {
        "db": "PACKETSTORM",
        "id": "154672"
      },
      {
        "db": "PACKETSTORM",
        "id": "154793"
      },
      {
        "db": "PACKETSTORM",
        "id": "156941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1345"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10184"
      }
    ]
  },
  "id": "VAR-201907-1547",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-24570"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-24570"
      }
    ]
  },
  "last_update_date": "2024-07-23T19:38:13.489000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[UNDERTOW-1578] 401 Unauthorized should be returned when requesting a protected directory without trailing slash #794",
        "trust": 0.8,
        "url": "https://github.com/undertow-io/undertow/pull/794"
      },
      {
        "title": "Bug 1713068",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-10184"
      },
      {
        "title": "Patch for RedHatUndertow Information Disclosure Vulnerability (CNVD-2019-24570)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/172059"
      },
      {
        "title": "Red Hat Undertow Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95492"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-24570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1345"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-862",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007209"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10184"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184"
      },
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:3046"
      },
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:3044"
      },
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:2938"
      },
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:3050"
      },
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:2935"
      },
      {
        "trust": 2.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:2937"
      },
      {
        "trust": 2.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:2936"
      },
      {
        "trust": 2.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:3045"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2019:2998"
      },
      {
        "trust": 1.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-10184"
      },
      {
        "trust": 1.6,
        "url": "https://access.redhat.com/errata/rhsa-2020:0727"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/undertow-io/undertow/pull/794"
      },
      {
        "trust": 1.6,
        "url": "https://security.netapp.com/advisory/ntap-20220210-0016/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10184"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-10184"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-14379"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-12814"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-12086"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/undertow-information-disclosure-via-trailing-slashes-30482"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3805/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154793/red-hat-security-advisory-2019-2998-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154665/red-hat-security-advisory-2019-2937-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3672/"
      },
      {
        "trust": 0.5,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-12384"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14832"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14820"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10212"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-10212"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-10202"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10202"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-3888"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.3"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3868"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.thorntail\u0026version=2.5.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3868"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/release_notes_for_thorntail_2/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-9251"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11771"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5427"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9512"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9514"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12422"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9517"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9515"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5929"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12422"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14439"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9518"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11272"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17570"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17570"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.6.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5929"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-11771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14439"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3802"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-15756"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5427"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15756"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-16012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10174"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11272"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3802"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:0983"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-24570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007209"
      },
      {
        "db": "PACKETSTORM",
        "id": "154845"
      },
      {
        "db": "PACKETSTORM",
        "id": "154843"
      },
      {
        "db": "PACKETSTORM",
        "id": "154687"
      },
      {
        "db": "PACKETSTORM",
        "id": "154850"
      },
      {
        "db": "PACKETSTORM",
        "id": "154672"
      },
      {
        "db": "PACKETSTORM",
        "id": "154793"
      },
      {
        "db": "PACKETSTORM",
        "id": "156941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1345"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10184"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-24570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007209"
      },
      {
        "db": "PACKETSTORM",
        "id": "154845"
      },
      {
        "db": "PACKETSTORM",
        "id": "154843"
      },
      {
        "db": "PACKETSTORM",
        "id": "154687"
      },
      {
        "db": "PACKETSTORM",
        "id": "154850"
      },
      {
        "db": "PACKETSTORM",
        "id": "154672"
      },
      {
        "db": "PACKETSTORM",
        "id": "154793"
      },
      {
        "db": "PACKETSTORM",
        "id": "156941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1345"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10184"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-24570"
      },
      {
        "date": "2019-08-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007209"
      },
      {
        "date": "2019-10-14T23:03:33",
        "db": "PACKETSTORM",
        "id": "154845"
      },
      {
        "date": "2019-10-14T20:22:22",
        "db": "PACKETSTORM",
        "id": "154843"
      },
      {
        "date": "2019-09-30T18:22:22",
        "db": "PACKETSTORM",
        "id": "154687"
      },
      {
        "date": "2019-10-15T00:11:31",
        "db": "PACKETSTORM",
        "id": "154850"
      },
      {
        "date": "2019-09-30T18:22:22",
        "db": "PACKETSTORM",
        "id": "154672"
      },
      {
        "date": "2019-10-10T14:44:58",
        "db": "PACKETSTORM",
        "id": "154793"
      },
      {
        "date": "2020-03-27T13:16:40",
        "db": "PACKETSTORM",
        "id": "156941"
      },
      {
        "date": "2019-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1345"
      },
      {
        "date": "2019-07-25T21:15:11.473000",
        "db": "NVD",
        "id": "CVE-2019-10184"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-24570"
      },
      {
        "date": "2019-08-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007209"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1345"
      },
      {
        "date": "2022-02-20T06:11:42.433000",
        "db": "NVD",
        "id": "CVE-2019-10184"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1345"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "undertow Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007209"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154845"
      },
      {
        "db": "PACKETSTORM",
        "id": "154843"
      },
      {
        "db": "PACKETSTORM",
        "id": "154687"
      },
      {
        "db": "PACKETSTORM",
        "id": "154850"
      },
      {
        "db": "PACKETSTORM",
        "id": "154672"
      },
      {
        "db": "PACKETSTORM",
        "id": "154793"
      }
    ],
    "trust": 0.6
  }
}

cve-2016-7066
Vulnerability from cvelistv5
Published
2018-09-11 14:00
Modified
2024-08-06 01:50
Severity ?
Summary
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:47.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3456",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3456"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JBoss Enterprise Application Platform",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.0"
            }
          ]
        }
      ],
      "datePublic": "2018-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-12T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:3456",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3456"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-7066",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JBoss Enterprise Application Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.1/AV:L/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-266"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3456",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3456"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-7066",
    "datePublished": "2018-09-11T14:00:00",
    "dateReserved": "2016-08-23T00:00:00",
    "dateUpdated": "2024-08-06T01:50:47.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-5626
Vulnerability from cvelistv5
Published
2020-01-23 18:10
Modified
2024-08-06 21:14
Severity ?
Summary
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2012-5626"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JBoss BRMS",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "5"
            }
          ]
        },
        {
          "product": "JBoss Enterprise Application Platform",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "5"
            }
          ]
        },
        {
          "product": "JBoss Operations Network",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "3.1"
            }
          ]
        },
        {
          "product": "JBoss Portal",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "4"
            },
            {
              "status": "affected",
              "version": "5"
            }
          ]
        },
        {
          "product": "JBoss SOA Platform",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "status": "affected",
              "version": "5"
            }
          ]
        },
        {
          "product": "JBoss Enterprise Web Server",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "1"
            }
          ]
        }
      ],
      "datePublic": "2016-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-23T18:10:30",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2012-5626"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-5626",
    "datePublished": "2020-01-23T18:10:30",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:14:16.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}