All the vulnerabilities related to FasterXML - jackson-databind
cve-2020-36180
Vulnerability from cvelistv5
Published
2021-01-06 22:30
Modified
2024-08-04 17:23
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
Impacted products
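Vendor: n/a, Product: n/a (as given by the CNA; the CISA-ADP container in the record below lists the affected products and versions)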


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-36180",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:49.885173Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:24.082Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:20:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36180",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/3004",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36180",
    "datePublished": "2021-01-06T22:30:31",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-14540
Vulnerability from cvelistv5
Published
2019-09-15 21:45
Modified
2024-08-05 00:19
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
References
https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6%40%3Cnotifications.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html mailing-list, x_refsource_MLIST
https://www.debian.org/security/2019/dsa-4542 vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Oct/6 mailing-list, x_refsource_BUGTRAQ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/ vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3200 vendor-advisory, x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/ vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0164 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0159 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0160 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0161 vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0445 vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2449 x_refsource_MISC
https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2410 x_refsource_MISC
https://security.netapp.com/advisory/ntap-20191004-0002/ x_refsource_CONFIRM
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
          },
          {
            "name": "DSA-4542",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4542"
          },
          {
            "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/6"
          },
          {
            "name": "FEDORA-2019-b171554877",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3200"
          },
          {
            "name": "FEDORA-2019-cf87377f5f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "RHSA-2020:0164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0164"
          },
          {
            "name": "RHSA-2020:0159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0159"
          },
          {
            "name": "RHSA-2020:0160",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0160"
          },
          {
            "name": "RHSA-2020:0161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0161"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "RHSA-2020:0445",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0445"
          },
          {
            "name": "[nifi-commits] 20200421 svn commit: r1876802 - /nifi/site/trunk/registry-security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2449"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2410"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191004-0002/"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:57",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
        },
        {
          "name": "DSA-4542",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4542"
        },
        {
          "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/6"
        },
        {
          "name": "FEDORA-2019-b171554877",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3200"
        },
        {
          "name": "FEDORA-2019-cf87377f5f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "RHSA-2020:0164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0164"
        },
        {
          "name": "RHSA-2020:0159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0159"
        },
        {
          "name": "RHSA-2020:0160",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0160"
        },
        {
          "name": "RHSA-2020:0161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0161"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "RHSA-2020:0445",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0445"
        },
        {
          "name": "[nifi-commits] 20200421 svn commit: r1876802 - /nifi/site/trunk/registry-security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2449"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2410"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191004-0002/"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
            },
            {
              "name": "DSA-4542",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4542"
            },
            {
              "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/6"
            },
            {
              "name": "FEDORA-2019-b171554877",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3200",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3200"
            },
            {
              "name": "FEDORA-2019-cf87377f5f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "RHSA-2020:0164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0164"
            },
            {
              "name": "RHSA-2020:0159",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0159"
            },
            {
              "name": "RHSA-2020:0160",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0160"
            },
            {
              "name": "RHSA-2020:0161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0161"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "RHSA-2020:0445",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0445"
            },
            {
              "name": "[nifi-commits] 20200421 svn commit: r1876802 - /nifi/site/trunk/registry-security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2449",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2449"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2410",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2410"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191004-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191004-0002/"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14540",
    "datePublished": "2019-09-15T21:45:22",
    "dateReserved": "2019-08-02T00:00:00",
    "dateUpdated": "2024-08-05T00:19:41.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42003
Vulnerability from cvelistv5
Published
2022-10-02 00:00
Modified
2024-08-03 12:56
Severity ?
Summary
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:39.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3590"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
          },
          {
            "name": "GLSA-202210-21",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-21"
          },
          {
            "name": "DSA-5283",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5283"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
          },
          {
            "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-20T09:33:08.256001",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/FasterXML/jackson-databind/issues/3590"
        },
        {
          "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
        },
        {
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
        },
        {
          "name": "GLSA-202210-21",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-21"
        },
        {
          "name": "DSA-5283",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5283"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
        },
        {
          "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-42003",
    "datePublished": "2022-10-02T00:00:00",
    "dateReserved": "2022-10-02T00:00:00",
    "dateUpdated": "2024-08-03T12:56:39.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-19361
Vulnerability from cvelistv5
Published
2019-01-02 18:00
Modified
2024-08-05 11:37
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
References
https://github.com/FasterXML/jackson-databind/issues/2186 — x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html — mailing-list, x_refsource_MLIST
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8 — x_refsource_CONFIRM
https://issues.apache.org/jira/browse/TINKERPOP-2121 — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b — x_refsource_CONFIRM
https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html — x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:0782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0877 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:0959 — vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4452 — vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/May/68 — mailing-list, x_refsource_BUGTRAQ
https://security.netapp.com/advisory/ntap-20190530-0003/ — x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:1782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1797 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html — x_refsource_MISC
http://www.securityfocus.com/bid/107985 — vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2019:1822 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1823 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2804 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3002 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html — x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:3140 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3892 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4037 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E — mailing-list, x_refsource_MLIST
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:37:11.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2186"
          },
          {
            "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
          },
          {
            "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "RHSA-2019:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0782"
          },
          {
            "name": "RHSA-2019:0877",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0877"
          },
          {
            "name": "RHBA-2019:0959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0959"
          },
          {
            "name": "DSA-4452",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4452"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/68"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
          },
          {
            "name": "RHSA-2019:1782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1782"
          },
          {
            "name": "RHSA-2019:1797",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1797"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "107985",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107985"
          },
          {
            "name": "RHSA-2019:1822",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1822"
          },
          {
            "name": "RHSA-2019:1823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1823"
          },
          {
            "name": "RHSA-2019:2804",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2804"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:3002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3002"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "RHSA-2019:3140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3140"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4037"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-11-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-31T13:06:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2186"
        },
        {
          "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
        },
        {
          "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "name": "RHSA-2019:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0782"
        },
        {
          "name": "RHSA-2019:0877",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0877"
        },
        {
          "name": "RHBA-2019:0959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0959"
        },
        {
          "name": "DSA-4452",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4452"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/68"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
        },
        {
          "name": "RHSA-2019:1782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1782"
        },
        {
          "name": "RHSA-2019:1797",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1797"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "107985",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107985"
        },
        {
          "name": "RHSA-2019:1822",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1822"
        },
        {
          "name": "RHSA-2019:1823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1823"
        },
        {
          "name": "RHSA-2019:2804",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2804"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:3002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3002"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "RHSA-2019:3140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3140"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4037"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-19361",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2186",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2186"
            },
            {
              "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
            },
            {
              "name": "https://issues.apache.org/jira/browse/TINKERPOP-2121",
              "refsource": "CONFIRM",
              "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
            },
            {
              "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "RHSA-2019:0782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0782"
            },
            {
              "name": "RHSA-2019:0877",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0877"
            },
            {
              "name": "RHBA-2019:0959",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0959"
            },
            {
              "name": "DSA-4452",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4452"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/68"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
            },
            {
              "name": "RHSA-2019:1782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1782"
            },
            {
              "name": "RHSA-2019:1797",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1797"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "107985",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107985"
            },
            {
              "name": "RHSA-2019:1822",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1822"
            },
            {
              "name": "RHSA-2019:1823",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1823"
            },
            {
              "name": "RHSA-2019:2804",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2804"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:3002",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3002"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "RHSA-2019:3140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3140"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4037",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4037"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-19361",
    "datePublished": "2019-01-02T18:00:00",
    "dateReserved": "2018-11-19T00:00:00",
    "dateUpdated": "2024-08-05T11:37:11.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46877
Vulnerability from cvelistv5
Published
2023-03-18 00:00
Modified
2024-08-04 05:17
Severity ?
Summary
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.837Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3328"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-18T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw"
        },
        {
          "url": "https://github.com/FasterXML/jackson-databind/issues/3328"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-46877",
    "datePublished": "2023-03-18T00:00:00",
    "dateReserved": "2023-03-18T00:00:00",
    "dateUpdated": "2024-08-04T05:17:42.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-9546
Vulnerability from cvelistv5
Published
2020-03-02 03:59
Modified
2024-08-04 10:34
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
References
https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2631 — x_refsource_MISC
https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E — x_refsource_MISC
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200904-0006/ — x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html — x_refsource_MISC
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.829Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
          },
          {
            "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:40:28",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
        },
        {
          "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-9546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2631",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
            },
            {
              "name": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200904-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-9546",
    "datePublished": "2020-03-02T03:59:18",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-20330
Vulnerability from cvelistv5
Published
2020-01-03 03:35
Modified
2024-08-05 02:39
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
References
https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b%40%3Ccommits.druid.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528%40%3Ccommits.druid.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3%40%3Ccommits.druid.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744%40%3Ccommits.druid.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393%40%3Cdev.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c%40%3Cdev.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8%40%3Cnotifications.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0%40%3Cnotifications.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2%40%3Ccommits.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764%40%3Ccommits.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2%40%3Cnotifications.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63%40%3Ccommits.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2526 x_refsource_MISC
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2 x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200127-0004/ x_refsource_CONFIRM
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html x_refsource_MISC
Impacted products
n/a n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:39:09.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200118 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200122 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20200122 Re: 3.5.7",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200122 [jira] [Assigned] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200122 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt opened a new pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200123 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200123 [jira] [Resolved] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] asfgit closed pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] nkalmar commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200123 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20200123 [zookeeper] branch master updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2526"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200127-0004/"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:45",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200118 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200122 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20200122 Re: 3.5.7",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200122 [jira] [Assigned] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200122 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt opened a new pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200123 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200123 [jira] [Resolved] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] asfgit closed pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] nkalmar commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200123 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20200123 [zookeeper] branch master updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2526"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200127-0004/"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20330",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200118 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200122 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200122 Re: 3.5.7",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200122 [jira] [Assigned] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200122 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt opened a new pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200123 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200123 [jira] [Resolved] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] asfgit closed pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] nkalmar commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200123 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200123 [zookeeper] branch master updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2526",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2526"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200127-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200127-0004/"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20330",
    "datePublished": "2020-01-03T03:35:52",
    "dateReserved": "2020-01-03T00:00:00",
    "dateUpdated": "2024-08-05T02:39:09.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16942
Vulnerability from cvelistv5
Published
2019-10-01 16:04
Modified
2024-08-05 01:24
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
References
https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html (mailing-list, x_refsource_MLIST)
https://www.debian.org/security/2019/dsa-4542 (vendor-advisory, x_refsource_DEBIAN)
https://seclists.org/bugtraq/2019/Oct/6 (mailing-list, x_refsource_BUGTRAQ)
https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370%40%3Cissues.geode.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5%40%3Cissues.geode.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/ (vendor-advisory, x_refsource_FEDORA)
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/ (vendor-advisory, x_refsource_FEDORA)
https://access.redhat.com/errata/RHSA-2019:3901 (vendor-advisory, x_refsource_REDHAT)
https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954%40%3Cissues.geode.apache.org%3E (mailing-list, x_refsource_MLIST)
https://access.redhat.com/errata/RHSA-2020:0164 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2020:0159 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2020:0160 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2020:0161 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2020:0445 (vendor-advisory, x_refsource_REDHAT)
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 (x_refsource_MISC)
https://www.oracle.com/security-alerts/cpuapr2020.html (x_refsource_MISC)
https://www.oracle.com/security-alerts/cpujul2020.html (x_refsource_MISC)
https://www.oracle.com/security-alerts/cpujan2020.html (x_refsource_MISC)
https://github.com/FasterXML/jackson-databind/issues/2478 (x_refsource_MISC)
https://issues.apache.org/jira/browse/GEODE-7255 (x_refsource_MISC)
https://security.netapp.com/advisory/ntap-20191017-0006/ (x_refsource_CONFIRM)
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E (mailing-list, x_refsource_MLIST)
https://www.oracle.com/security-alerts/cpuoct2020.html (x_refsource_MISC)
https://www.oracle.com/security-alerts/cpuApr2021.html (x_refsource_MISC)
https://www.oracle.com//security-alerts/cpujul2021.html (x_refsource_MISC)
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
          },
          {
            "name": "DSA-4542",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4542"
          },
          {
            "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/6"
          },
          {
            "name": "[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370%40%3Cissues.geode.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5%40%3Cissues.geode.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-b171554877",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-cf87377f5f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
          },
          {
            "name": "RHSA-2019:3901",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3901"
          },
          {
            "name": "[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954%40%3Cissues.geode.apache.org%3E"
          },
          {
            "name": "RHSA-2020:0164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0164"
          },
          {
            "name": "RHSA-2020:0159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0159"
          },
          {
            "name": "RHSA-2020:0160",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0160"
          },
          {
            "name": "RHSA-2020:0161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0161"
          },
          {
            "name": "RHSA-2020:0445",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0445"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2478"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/GEODE-7255"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:38",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
        },
        {
          "name": "DSA-4542",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4542"
        },
        {
          "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/6"
        },
        {
          "name": "[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370%40%3Cissues.geode.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5%40%3Cissues.geode.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-b171554877",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-cf87377f5f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
        },
        {
          "name": "RHSA-2019:3901",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3901"
        },
        {
          "name": "[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954%40%3Cissues.geode.apache.org%3E"
        },
        {
          "name": "RHSA-2020:0164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0164"
        },
        {
          "name": "RHSA-2020:0159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0159"
        },
        {
          "name": "RHSA-2020:0160",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0160"
        },
        {
          "name": "RHSA-2020:0161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0161"
        },
        {
          "name": "RHSA-2020:0445",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0445"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2478"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.apache.org/jira/browse/GEODE-7255"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16942",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
            },
            {
              "name": "DSA-4542",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4542"
            },
            {
              "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/6"
            },
            {
              "name": "[geode-issues] 20191008 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20191011 [jira] [Commented] (GEODE-7255) Need to pick up CVE-2019-16942",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-b171554877",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-cf87377f5f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
            },
            {
              "name": "RHSA-2019:3901",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3901"
            },
            {
              "name": "[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "RHSA-2020:0164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0164"
            },
            {
              "name": "RHSA-2020:0159",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0159"
            },
            {
              "name": "RHSA-2020:0160",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0160"
            },
            {
              "name": "RHSA-2020:0161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0161"
            },
            {
              "name": "RHSA-2020:0445",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0445"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2478",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2478"
            },
            {
              "name": "https://issues.apache.org/jira/browse/GEODE-7255",
              "refsource": "MISC",
              "url": "https://issues.apache.org/jira/browse/GEODE-7255"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191017-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16942",
    "datePublished": "2019-10-01T16:04:26",
    "dateReserved": "2019-09-29T00:00:00",
    "dateUpdated": "2024-08-05T01:24:48.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-35116
Vulnerability from cvelistv5
Published
2023-06-14 00:00
Modified
2024-08-02 16:23
Severity ?
Summary
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:23:58.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3972"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor\u0027s perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-26T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/FasterXML/jackson-databind/issues/3972"
        }
      ],
      "tags": [
        "disputed"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-35116",
    "datePublished": "2023-06-14T00:00:00",
    "dateReserved": "2023-06-13T00:00:00",
    "dateUpdated": "2024-08-02T16:23:58.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14721
Vulnerability from cvelistv5
Published
2019-01-02 18:00
Modified
2024-08-05 09:38
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
References
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 | x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2097 | x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | x_refsource_CONFIRM
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7 | x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E | mailing-list, x_refsource_MLIST
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:0782 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:0959 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1107 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1108 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1106 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1140 | vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4452 | vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/May/68 | mailing-list, x_refsource_BUGTRAQ
https://security.netapp.com/advisory/ntap-20190530-0003/ | x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:1822 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1823 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 | vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | x_refsource_MISC
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E | mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149 | vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E | mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3892 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4037 | vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E | mailing-list, x_refsource_MLIST
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:38:13.150Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
          },
          {
            "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
          },
          {
            "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "RHSA-2019:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0782"
          },
          {
            "name": "RHBA-2019:0959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0959"
          },
          {
            "name": "RHSA-2019:1107",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1107"
          },
          {
            "name": "RHSA-2019:1108",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1108"
          },
          {
            "name": "RHSA-2019:1106",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1106"
          },
          {
            "name": "RHSA-2019:1140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1140"
          },
          {
            "name": "DSA-4452",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4452"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/68"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "RHSA-2019:1822",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1822"
          },
          {
            "name": "RHSA-2019:1823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1823"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4037"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-31T13:06:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
        },
        {
          "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
        },
        {
          "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "name": "RHSA-2019:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0782"
        },
        {
          "name": "RHBA-2019:0959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0959"
        },
        {
          "name": "RHSA-2019:1107",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1107"
        },
        {
          "name": "RHSA-2019:1108",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1108"
        },
        {
          "name": "RHSA-2019:1106",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1106"
        },
        {
          "name": "RHSA-2019:1140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1140"
        },
        {
          "name": "DSA-4452",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4452"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/68"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "RHSA-2019:1822",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1822"
        },
        {
          "name": "RHSA-2019:1823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1823"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4037"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14721",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2097",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
            },
            {
              "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
            },
            {
              "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "RHSA-2019:0782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0782"
            },
            {
              "name": "RHBA-2019:0959",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0959"
            },
            {
              "name": "RHSA-2019:1107",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1107"
            },
            {
              "name": "RHSA-2019:1108",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1108"
            },
            {
              "name": "RHSA-2019:1106",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1106"
            },
            {
              "name": "RHSA-2019:1140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1140"
            },
            {
              "name": "DSA-4452",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4452"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/68"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "RHSA-2019:1822",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1822"
            },
            {
              "name": "RHSA-2019:1823",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1823"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4037",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4037"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14721",
    "datePublished": "2019-01-02T18:00:00",
    "dateReserved": "2018-07-28T00:00:00",
    "dateUpdated": "2024-08-05T09:38:13.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16335
Vulnerability from cvelistv5
Published
2019-09-15 21:45
Modified
2024-08-05 01:10
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
References
https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html [mailing-list, x_refsource_MLIST]
https://www.debian.org/security/2019/dsa-4542 [vendor-advisory, x_refsource_DEBIAN]
https://seclists.org/bugtraq/2019/Oct/6 [mailing-list, x_refsource_BUGTRAQ]
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/ [vendor-advisory, x_refsource_FEDORA]
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E [mailing-list, x_refsource_MLIST]
https://access.redhat.com/errata/RHSA-2019:3200 [vendor-advisory, x_refsource_REDHAT]
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/ [vendor-advisory, x_refsource_FEDORA]
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E [mailing-list, x_refsource_MLIST]
https://access.redhat.com/errata/RHSA-2020:0164 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2020:0159 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2020:0160 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2020:0161 [vendor-advisory, x_refsource_REDHAT]
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E [mailing-list, x_refsource_MLIST]
https://access.redhat.com/errata/RHSA-2020:0445 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2020:0729 [vendor-advisory, x_refsource_REDHAT]
https://www.oracle.com/security-alerts/cpuapr2020.html [x_refsource_MISC]
https://www.oracle.com/security-alerts/cpujul2020.html [x_refsource_MISC]
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html [x_refsource_MISC]
https://www.oracle.com/security-alerts/cpujan2020.html [x_refsource_MISC]
https://github.com/FasterXML/jackson-databind/issues/2449 [x_refsource_MISC]
https://security.netapp.com/advisory/ntap-20191004-0002/ [x_refsource_CONFIRM]
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E [mailing-list, x_refsource_MLIST]
https://www.oracle.com/security-alerts/cpuoct2020.html [x_refsource_MISC]
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:10:41.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
          },
          {
            "name": "DSA-4542",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4542"
          },
          {
            "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/6"
          },
          {
            "name": "FEDORA-2019-b171554877",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3200"
          },
          {
            "name": "FEDORA-2019-cf87377f5f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "RHSA-2020:0164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0164"
          },
          {
            "name": "RHSA-2020:0159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0159"
          },
          {
            "name": "RHSA-2020:0160",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0160"
          },
          {
            "name": "RHSA-2020:0161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0161"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "RHSA-2020:0445",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0445"
          },
          {
            "name": "RHSA-2020:0729",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0729"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2449"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191004-0002/"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:58",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
        },
        {
          "name": "DSA-4542",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4542"
        },
        {
          "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/6"
        },
        {
          "name": "FEDORA-2019-b171554877",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3200"
        },
        {
          "name": "FEDORA-2019-cf87377f5f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "RHSA-2020:0164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0164"
        },
        {
          "name": "RHSA-2020:0159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0159"
        },
        {
          "name": "RHSA-2020:0160",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0160"
        },
        {
          "name": "RHSA-2020:0161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0161"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "RHSA-2020:0445",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0445"
        },
        {
          "name": "RHSA-2020:0729",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0729"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2449"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191004-0002/"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16335",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
            },
            {
              "name": "DSA-4542",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4542"
            },
            {
              "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/6"
            },
            {
              "name": "FEDORA-2019-b171554877",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3200",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3200"
            },
            {
              "name": "FEDORA-2019-cf87377f5f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "RHSA-2020:0164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0164"
            },
            {
              "name": "RHSA-2020:0159",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0159"
            },
            {
              "name": "RHSA-2020:0160",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0160"
            },
            {
              "name": "RHSA-2020:0161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0161"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "RHSA-2020:0445",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0445"
            },
            {
              "name": "RHSA-2020:0729",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0729"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2449",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2449"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191004-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191004-0002/"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16335",
    "datePublished": "2019-09-15T21:45:50",
    "dateReserved": "2019-09-15T00:00:00",
    "dateUpdated": "2024-08-05T01:10:41.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36188
Vulnerability from cvelistv5
Published
2021-01-06 22:29
Modified
2024-08-04 17:23
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:22:05",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36188",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2996",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36188",
    "datePublished": "2021-01-06T22:29:36",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36189
Vulnerability from cvelistv5
Published
2021-01-06 22:29
Modified
2024-08-04 17:23
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:22:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36189",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2996",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36189",
    "datePublished": "2021-01-06T22:29:28",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36186
Vulnerability from cvelistv5
Published
2021-01-06 22:29
Modified
2024-08-04 17:23
Severity ?
Summary
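FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. Note: as with the other jackson-databind gadget-class entries on this page, exposure depends on polymorphic type handling being enabled for untrusted JSON and on the named class being present on the classpath; the maintainer's article listed in the references describes these conditions.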
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:21:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36186",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2997",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36186",
    "datePublished": "2021-01-06T22:29:51",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8840
Vulnerability from cvelistv5
Published
2020-02-10 19:41
Modified
2024-08-04 10:12
Severity ?
Summary
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
References
https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db%40%3Ccommits.druid.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3%40%3Ccommits.druid.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2%40%3Ccommits.druid.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7%40%3Cdev.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da%40%3Cnotifications.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71%40%3Cnotifications.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3%40%3Ccommits.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21%40%3Ccommits.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1%40%3Cnotifications.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23%40%3Ccommits.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e%40%3Ccommits.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf%40%3Cdev.ranger.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2620 — x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200327-0002/ — x_refsource_CONFIRM
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en — x_refsource_CONFIRM
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:12:10.909Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[druid-commits] 20200219 [GitHub] [druid] ccaominh opened a new pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20200219 [GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
          },
          {
            "name": "[druid-commits] 20200221 [GitHub] [druid] ccaominh merged pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] eolivelli opened a new pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200223 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200223 [jira] [Assigned] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] phunt commented on issue #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20200223 [zookeeper] branch master updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200223 [jira] [Resolved] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] asfgit closed pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20200224 [zookeeper] 01/02: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200330 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200330 [jira] [Created] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200408 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200408 Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200415 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200416 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200416 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200417 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200417 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200427 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200427 [jira] [Resolved] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200430 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200507 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[ranger-dev] 20200514 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf%40%3Cdev.ranger.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2620"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200327-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:15:05",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[druid-commits] 20200219 [GitHub] [druid] ccaominh opened a new pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20200219 [GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
        },
        {
          "name": "[druid-commits] 20200221 [GitHub] [druid] ccaominh merged pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] eolivelli opened a new pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200223 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200223 [jira] [Assigned] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] phunt commented on issue #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20200223 [zookeeper] branch master updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200223 [jira] [Resolved] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] asfgit closed pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20200224 [zookeeper] 01/02: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200330 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200330 [jira] [Created] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200408 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200408 Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200415 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200416 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200416 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200417 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200417 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200427 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200427 [jira] [Resolved] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200430 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200507 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[ranger-dev] 20200514 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf%40%3Cdev.ranger.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2620"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200327-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-8840",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[druid-commits] 20200219 [GitHub] [druid] ccaominh opened a new pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20200219 [GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html"
            },
            {
              "name": "[druid-commits] 20200221 [GitHub] [druid] ccaominh merged pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] eolivelli opened a new pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200223 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200223 [jira] [Assigned] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] phunt commented on issue #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200223 [zookeeper] branch master updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200223 [jira] [Resolved] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200223 [GitHub] [zookeeper] asfgit closed pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200223 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200224 [zookeeper] 01/02: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200330 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200330 [jira] [Created] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200408 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200408 Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200415 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200416 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200416 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200417 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200417 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200427 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200427 [jira] [Resolved] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200430 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200507 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[ranger-dev] 20200514 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf@%3Cdev.ranger.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2620",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2620"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200327-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200327-0002/"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-8840",
    "datePublished": "2020-02-10T19:41:58",
    "dateReserved": "2020-02-10T00:00:00",
    "dateUpdated": "2024-08-04T10:12:10.909Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36518
Vulnerability from cvelistv5
Published
2022-03-11 00:00
Modified
2024-08-04 17:30
Severity ?
Summary
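jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. Note: the record below lists the affected product and versions as n/a, so confirm the fixed release for your branch against the referenced upstream issue and vendor advisories. Services that parse untrusted JSON should also bound input size and nesting depth.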
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:30:08.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2816"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
          },
          {
            "name": "DSA-5283",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5283"
          },
          {
            "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-27T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/FasterXML/jackson-databind/issues/2816"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
        },
        {
          "name": "DSA-5283",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5283"
        },
        {
          "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36518",
    "datePublished": "2022-03-11T00:00:00",
    "dateReserved": "2022-03-11T00:00:00",
    "dateUpdated": "2024-08-04T17:30:08.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-12384
Vulnerability from cvelistv5
Published
2019-06-24 15:34
Modified
2024-08-04 23:17
Severity ?
Summary
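FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible. Note: issues of this class are generally reachable only where an application deserializes untrusted JSON with polymorphic type handling enabled. Upgrading to a fixed release and not enabling default typing for untrusted input are the usual mitigations.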
References
https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:1820 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:2720 — vendor-advisory, x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ — vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ — vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ — vendor-advisory, x_refsource_FEDORA
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2937 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2935 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2936 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2938 — vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4542 — vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Oct/6 — mailing-list, x_refsource_BUGTRAQ
https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:2998 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3200 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3292 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3297 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3901 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4352 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html — x_refsource_MISC
https://doyensec.com/research.html — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad — x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html — x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190703-0002/ — x_refsource_CONFIRM
https://blog.doyensec.com/2019/07/22/jackson-gadgets.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:17:39.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
          },
          {
            "name": "RHSA-2019:1820",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1820"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "RHSA-2019:2720",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2720"
          },
          {
            "name": "FEDORA-2019-99ff6aa32c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
          },
          {
            "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-ae6a703b8f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
          },
          {
            "name": "FEDORA-2019-fb23eccc03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:2937",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2937"
          },
          {
            "name": "RHSA-2019:2935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2935"
          },
          {
            "name": "RHSA-2019:2936",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2936"
          },
          {
            "name": "RHSA-2019:2938",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2938"
          },
          {
            "name": "DSA-4542",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4542"
          },
          {
            "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/6"
          },
          {
            "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"
          },
          {
            "name": "RHSA-2019:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2998"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3200"
          },
          {
            "name": "RHSA-2019:3292",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3292"
          },
          {
            "name": "RHSA-2019:3297",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3297"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3901",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3901"
          },
          {
            "name": "RHSA-2019:4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4352"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://doyensec.com/research.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190703-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.doyensec.com/2019/07/22/jackson-gadgets.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:56",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
        },
        {
          "name": "RHSA-2019:1820",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1820"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "RHSA-2019:2720",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2720"
        },
        {
          "name": "FEDORA-2019-99ff6aa32c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
        },
        {
          "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-ae6a703b8f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
        },
        {
          "name": "FEDORA-2019-fb23eccc03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:2937",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2937"
        },
        {
          "name": "RHSA-2019:2935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2935"
        },
        {
          "name": "RHSA-2019:2936",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2936"
        },
        {
          "name": "RHSA-2019:2938",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2938"
        },
        {
          "name": "DSA-4542",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4542"
        },
        {
          "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/6"
        },
        {
          "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"
        },
        {
          "name": "RHSA-2019:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2998"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3200"
        },
        {
          "name": "RHSA-2019:3292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3292"
        },
        {
          "name": "RHSA-2019:3297",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3297"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3901",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3901"
        },
        {
          "name": "RHSA-2019:4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4352"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://doyensec.com/research.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190703-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.doyensec.com/2019/07/22/jackson-gadgets.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12384",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
            },
            {
              "name": "RHSA-2019:1820",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1820"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2720",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2720"
            },
            {
              "name": "FEDORA-2019-99ff6aa32c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
            },
            {
              "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-ae6a703b8f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
            },
            {
              "name": "FEDORA-2019-fb23eccc03",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:2937",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2937"
            },
            {
              "name": "RHSA-2019:2935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2935"
            },
            {
              "name": "RHSA-2019:2936",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2936"
            },
            {
              "name": "RHSA-2019:2938",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2938"
            },
            {
              "name": "DSA-4542",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4542"
            },
            {
              "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/6"
            },
            {
              "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2998"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3200",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3200"
            },
            {
              "name": "RHSA-2019:3292",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3292"
            },
            {
              "name": "RHSA-2019:3297",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3297"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3901",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3901"
            },
            {
              "name": "RHSA-2019:4352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4352"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://doyensec.com/research.html",
              "refsource": "MISC",
              "url": "https://doyensec.com/research.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html",
              "refsource": "CONFIRM",
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190703-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190703-0002/"
            },
            {
              "name": "https://blog.doyensec.com/2019/07/22/jackson-gadgets.html",
              "refsource": "MISC",
              "url": "https://blog.doyensec.com/2019/07/22/jackson-gadgets.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12384",
    "datePublished": "2019-06-24T15:34:08",
    "dateReserved": "2019-05-27T00:00:00",
    "dateUpdated": "2024-08-04T23:17:39.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10650
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-04 11:06
Severity ?
Summary
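A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider. As with other jackson-databind gadget issues, an application is exposed only if it enables polymorphic type handling for untrusted JSON and has ignite-jta or quartz-core on its classpath.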
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:10.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-rpr3-cw39-3pxh"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2658"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230818-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-26T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "url": "https://github.com/advisories/GHSA-rpr3-cw39-3pxh"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
        },
        {
          "url": "https://github.com/FasterXML/jackson-databind/issues/2658"
        },
        {
          "url": "https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230818-0007/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10650",
    "datePublished": "2022-12-26T00:00:00",
    "dateReserved": "2020-03-17T00:00:00",
    "dateUpdated": "2024-08-04T11:06:10.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36184
Vulnerability from cvelistv5
Published
2021-01-06 22:30
Modified
2024-08-04 17:23
Summary
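FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. The named class is a deserialization gadget (CWE-502): an application is exposed only if it enables polymorphic type handling for untrusted JSON and has that class on its classpath.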
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-36184",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:50.943406Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:27.571Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.423Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:21:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36184",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2998",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36184",
    "datePublished": "2021-01-06T22:30:07",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-9547
Vulnerability from cvelistv5
Published
2020-03-02 03:59
Modified
2024-08-04 10:34
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
References
https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd0e958d6d5c5ee16efed73314cd0e445c8dbb4bdcc80fc9d1d6c11fc%40%3Cdev.zookeeper.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E | mailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC
https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E | x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2634 | x_refsource_MISC
https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428%40%3Cnotifications.zookeeper.apache.org%3E | x_refsource_MISC
https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a%40%3Cnotifications.zookeeper.apache.org%3E | x_refsource_MISC
https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6%40%3Cnotifications.zookeeper.apache.org%3E | x_refsource_MISC
https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1%40%3Cnotifications.zookeeper.apache.org%3E | x_refsource_MISC
https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab%40%3Cnotifications.zookeeper.apache.org%3E | x_refsource_MISC
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E | mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200904-0006/ | x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
          },
          {
            "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20200307 Build failed in Jenkins: PreCommit-ZOOKEEPER-github-pr-build-maven #1898",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd0e958d6d5c5ee16efed73314cd0e445c8dbb4bdcc80fc9d1d6c11fc%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2634"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:40:29",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
        },
        {
          "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20200307 Build failed in Jenkins: PreCommit-ZOOKEEPER-github-pr-build-maven #1898",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd0e958d6d5c5ee16efed73314cd0e445c8dbb4bdcc80fc9d1d6c11fc%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2634"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-9547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200307 Build failed in Jenkins: PreCommit-ZOOKEEPER-github-pr-build-maven #1898",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd0e958d6d5c5ee16efed73314cd0e445c8dbb4bdcc80fc9d1d6c11fc@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2634",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2634"
            },
            {
              "name": "https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200904-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-9547",
    "datePublished": "2020-03-02T03:59:08",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-19360
Vulnerability from cvelistv5
Published
2019-01-02 18:00
Modified
2024-08-05 11:37
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
References
https://github.com/FasterXML/jackson-databind/issues/2186 — x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html — mailing-list, x_refsource_MLIST
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8 — x_refsource_CONFIRM
https://issues.apache.org/jira/browse/TINKERPOP-2121 — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b — x_refsource_CONFIRM
https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html — x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:0782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0877 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:0959 — vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4452 — vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/May/68 — mailing-list, x_refsource_BUGTRAQ
https://security.netapp.com/advisory/ntap-20190530-0003/ — x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:1782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1797 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html — x_refsource_MISC
http://www.securityfocus.com/bid/107985 — vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2019:1822 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1823 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2804 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3002 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html — x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:3140 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3892 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4037 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E — mailing-list, x_refsource_MLIST
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:37:10.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2186"
          },
          {
            "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
          },
          {
            "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "RHSA-2019:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0782"
          },
          {
            "name": "RHSA-2019:0877",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0877"
          },
          {
            "name": "RHBA-2019:0959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0959"
          },
          {
            "name": "DSA-4452",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4452"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/68"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
          },
          {
            "name": "RHSA-2019:1782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1782"
          },
          {
            "name": "RHSA-2019:1797",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1797"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "107985",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107985"
          },
          {
            "name": "RHSA-2019:1822",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1822"
          },
          {
            "name": "RHSA-2019:1823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1823"
          },
          {
            "name": "RHSA-2019:2804",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2804"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:3002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3002"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "RHSA-2019:3140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3140"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4037"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-11-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-31T13:06:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2186"
        },
        {
          "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
        },
        {
          "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "name": "RHSA-2019:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0782"
        },
        {
          "name": "RHSA-2019:0877",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0877"
        },
        {
          "name": "RHBA-2019:0959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0959"
        },
        {
          "name": "DSA-4452",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4452"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/68"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
        },
        {
          "name": "RHSA-2019:1782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1782"
        },
        {
          "name": "RHSA-2019:1797",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1797"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "107985",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107985"
        },
        {
          "name": "RHSA-2019:1822",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1822"
        },
        {
          "name": "RHSA-2019:1823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1823"
        },
        {
          "name": "RHSA-2019:2804",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2804"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:3002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3002"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "RHSA-2019:3140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3140"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4037"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-19360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2186",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2186"
            },
            {
              "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
            },
            {
              "name": "https://issues.apache.org/jira/browse/TINKERPOP-2121",
              "refsource": "CONFIRM",
              "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
            },
            {
              "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "RHSA-2019:0782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0782"
            },
            {
              "name": "RHSA-2019:0877",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0877"
            },
            {
              "name": "RHBA-2019:0959",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0959"
            },
            {
              "name": "DSA-4452",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4452"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/68"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
            },
            {
              "name": "RHSA-2019:1782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1782"
            },
            {
              "name": "RHSA-2019:1797",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1797"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "107985",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107985"
            },
            {
              "name": "RHSA-2019:1822",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1822"
            },
            {
              "name": "RHSA-2019:1823",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1823"
            },
            {
              "name": "RHSA-2019:2804",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2804"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:3002",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3002"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "RHSA-2019:3140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3140"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4037",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4037"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-19360",
    "datePublished": "2019-01-02T18:00:00",
    "dateReserved": "2018-11-19T00:00:00",
    "dateUpdated": "2024-08-05T11:37:10.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35490
Vulnerability from cvelistv5
Published
2020-12-17 18:43
Modified
2024-08-04 17:02
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2986"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:19:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2986"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2986",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2986"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210122-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35490",
    "datePublished": "2020-12-17T18:43:51",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-17531
Vulnerability from cvelistv5
Published
2019-10-12 20:07
Modified
2024-08-05 01:40
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
References
https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:4192 — vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0164 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0159 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0160 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0161 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0445 — vendor-advisory, x_refsource_REDHAT
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 — x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2498 — x_refsource_MISC
https://security.netapp.com/advisory/ntap-20191024-0005/ — x_refsource_CONFIRM
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html — x_refsource_MISC
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:16.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "RHSA-2019:4192",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4192"
          },
          {
            "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html"
          },
          {
            "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "RHSA-2020:0164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0164"
          },
          {
            "name": "RHSA-2020:0159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0159"
          },
          {
            "name": "RHSA-2020:0160",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0160"
          },
          {
            "name": "RHSA-2020:0161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0161"
          },
          {
            "name": "RHSA-2020:0445",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0445"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2498"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191024-0005/"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "RHSA-2019:4192",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4192"
        },
        {
          "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html"
        },
        {
          "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "RHSA-2020:0164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0164"
        },
        {
          "name": "RHSA-2020:0159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0159"
        },
        {
          "name": "RHSA-2020:0160",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0160"
        },
        {
          "name": "RHSA-2020:0161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0161"
        },
        {
          "name": "RHSA-2020:0445",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0445"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2498"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191024-0005/"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17531",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "RHSA-2019:4192",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4192"
            },
            {
              "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html"
            },
            {
              "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "RHSA-2020:0164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0164"
            },
            {
              "name": "RHSA-2020:0159",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0159"
            },
            {
              "name": "RHSA-2020:0160",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0160"
            },
            {
              "name": "RHSA-2020:0161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0161"
            },
            {
              "name": "RHSA-2020:0445",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0445"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2498",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2498"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191024-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191024-0005/"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17531",
    "datePublished": "2019-10-12T20:07:34",
    "dateReserved": "2019-10-12T00:00:00",
    "dateUpdated": "2024-08-05T01:40:16.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7489
Vulnerability from cvelistv5
Published
2018-02-26 15:00
Modified
2024-08-05 06:31
Severity ?
Summary
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
References
http://www.securityfocus.com/bid/103203 — vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1448 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1449 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2938 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1450 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2090 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2939 — vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1041890 — vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1040693 — vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:1786 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1451 — vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4190 — vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:1447 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2088 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2089 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html — x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html — x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html — x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html — x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us — x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180328-0001/ — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1931 — x_refsource_CONFIRM
https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E — mailing-list, x_refsource_MLIST
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:03.738Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103203",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103203"
          },
          {
            "name": "RHSA-2018:1448",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1448"
          },
          {
            "name": "RHSA-2018:1449",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1449"
          },
          {
            "name": "RHSA-2018:2938",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2938"
          },
          {
            "name": "RHSA-2018:1450",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1450"
          },
          {
            "name": "RHSA-2018:2090",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2090"
          },
          {
            "name": "RHSA-2018:2939",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2939"
          },
          {
            "name": "1041890",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041890"
          },
          {
            "name": "1040693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040693"
          },
          {
            "name": "RHSA-2018:1786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1786"
          },
          {
            "name": "RHSA-2018:1451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1451"
          },
          {
            "name": "DSA-4190",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4190"
          },
          {
            "name": "RHSA-2018:1447",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1447"
          },
          {
            "name": "RHSA-2018:2088",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2088"
          },
          {
            "name": "RHSA-2018:2089",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2089"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180328-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/1931"
          },
          {
            "name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-25T00:06:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "103203",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103203"
        },
        {
          "name": "RHSA-2018:1448",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1448"
        },
        {
          "name": "RHSA-2018:1449",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1449"
        },
        {
          "name": "RHSA-2018:2938",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2938"
        },
        {
          "name": "RHSA-2018:1450",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1450"
        },
        {
          "name": "RHSA-2018:2090",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2090"
        },
        {
          "name": "RHSA-2018:2939",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2939"
        },
        {
          "name": "1041890",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041890"
        },
        {
          "name": "1040693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040693"
        },
        {
          "name": "RHSA-2018:1786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1786"
        },
        {
          "name": "RHSA-2018:1451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1451"
        },
        {
          "name": "DSA-4190",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4190"
        },
        {
          "name": "RHSA-2018:1447",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1447"
        },
        {
          "name": "RHSA-2018:2088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2088"
        },
        {
          "name": "RHSA-2018:2089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2089"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180328-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/1931"
        },
        {
          "name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7489",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103203",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103203"
            },
            {
              "name": "RHSA-2018:1448",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1448"
            },
            {
              "name": "RHSA-2018:1449",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1449"
            },
            {
              "name": "RHSA-2018:2938",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2938"
            },
            {
              "name": "RHSA-2018:1450",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1450"
            },
            {
              "name": "RHSA-2018:2090",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2090"
            },
            {
              "name": "RHSA-2018:2939",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2939"
            },
            {
              "name": "1041890",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041890"
            },
            {
              "name": "1040693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040693"
            },
            {
              "name": "RHSA-2018:1786",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1786"
            },
            {
              "name": "RHSA-2018:1451",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1451"
            },
            {
              "name": "DSA-4190",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4190"
            },
            {
              "name": "RHSA-2018:1447",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1447"
            },
            {
              "name": "RHSA-2018:2088",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2088"
            },
            {
              "name": "RHSA-2018:2089",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2089"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180328-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180328-0001/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/1931",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/1931"
            },
            {
              "name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7489",
    "datePublished": "2018-02-26T15:00:00",
    "dateReserved": "2018-02-26T00:00:00",
    "dateUpdated": "2024-08-05T06:31:03.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10969
Vulnerability from cvelistv5
Published
2020-03-26 12:43
Modified
2024-08-04 11:21
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-10969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:45.779442Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T19:58:54.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:13.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:44",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10969",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2642",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10969",
    "datePublished": "2020-03-26T12:43:34",
    "dateReserved": "2020-03-26T00:00:00",
    "dateUpdated": "2024-08-04T11:21:13.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-5968
Vulnerability from cvelistv5
Published
2018-01-22 04:00
Modified
2024-08-05 05:47
Severity ?
Summary
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
Impacted products
n/a n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:47:56.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:0479",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0479"
          },
          {
            "name": "RHSA-2018:0481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0481"
          },
          {
            "name": "RHSA-2018:1525",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1525"
          },
          {
            "name": "RHSA-2018:0480",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0480"
          },
          {
            "name": "DSA-4114",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4114"
          },
          {
            "name": "RHSA-2018:0478",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0478"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180423-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/1899"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:54",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:0479",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0479"
        },
        {
          "name": "RHSA-2018:0481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0481"
        },
        {
          "name": "RHSA-2018:1525",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1525"
        },
        {
          "name": "RHSA-2018:0480",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0480"
        },
        {
          "name": "DSA-4114",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4114"
        },
        {
          "name": "RHSA-2018:0478",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0478"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180423-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/1899"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:0479",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0479"
            },
            {
              "name": "RHSA-2018:0481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0481"
            },
            {
              "name": "RHSA-2018:1525",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1525"
            },
            {
              "name": "RHSA-2018:0480",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0480"
            },
            {
              "name": "DSA-4114",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4114"
            },
            {
              "name": "RHSA-2018:0478",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0478"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180423-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180423-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/1899",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/1899"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-5968",
    "datePublished": "2018-01-22T04:00:00",
    "dateReserved": "2018-01-21T00:00:00",
    "dateUpdated": "2024-08-05T05:47:56.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-14892
Vulnerability from cvelistv5
Published
2020-03-02 16:28
Modified
2024-08-05 00:26
Summary
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
Impacted products
Vendor: Red Hat; product: jackson-databind


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2462"
          },
          {
            "name": "RHSA-2020:0729",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0729"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200904-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jackson-databind",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "Versions before 2.9.10"
            },
            {
              "status": "affected",
              "version": "Versions before 2.8.11.5"
            },
            {
              "status": "affected",
              "version": "Versions before 2.6.7.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-04T11:06:13",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2462"
        },
        {
          "name": "RHSA-2020:0729",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0729"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200904-0005/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-14892",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "jackson-databind",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions before 2.9.10"
                          },
                          {
                            "version_value": "Versions before 2.8.11.5"
                          },
                          {
                            "version_value": "Versions before 2.6.7.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2462",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2462"
            },
            {
              "name": "RHSA-2020:0729",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0729"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200904-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200904-0005/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14892",
    "datePublished": "2020-03-02T16:28:40",
    "dateReserved": "2019-08-10T00:00:00",
    "dateUpdated": "2024-08-05T00:26:39.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20190
Vulnerability from cvelistv5
Published
2021-01-19 16:27
Modified
2024-08-03 17:30
Severity ?
Summary
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Impacted products
Vendor: n/a; product: jackson-databind


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:30:07.468Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2854"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633"
          },
          {
            "name": "[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210219-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jackson-databind",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "jackson-databind 2.9.10.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:55:43",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2854"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633"
        },
        {
          "name": "[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210219-0008/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-20190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "jackson-databind",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "jackson-databind 2.9.10.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2854",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2854"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633"
            },
            {
              "name": "[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210219-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210219-0008/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20190",
    "datePublished": "2021-01-19T16:27:58",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:30:07.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36179
Vulnerability from cvelistv5
Published
2021-01-06 22:30
Modified
2024-08-04 17:23
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
Impacted products
Vendor: n/a; product: n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-36179",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:53.989419Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:24.525Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
          },
          {
            "name": "[spark-issues] 20210115 [jira] [Created] (SPARK-34124) Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:20:19",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
        },
        {
          "name": "[spark-issues] 20210115 [jira] [Created] (SPARK-34124) Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36179",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/3004",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
            },
            {
              "name": "[spark-issues] 20210115 [jira] [Created] (SPARK-34124) Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36179",
    "datePublished": "2021-01-06T22:30:38",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14719
Vulnerability from cvelistv5
Published
2019-01-02 18:00
Modified
2024-08-05 09:38
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
References
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 (x_refsource_CONFIRM)
https://github.com/FasterXML/jackson-databind/issues/2097 (x_refsource_CONFIRM)
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (x_refsource_CONFIRM)
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7 (x_refsource_CONFIRM)
https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E (mailing-list, x_refsource_MLIST)
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (x_refsource_MISC)
https://access.redhat.com/errata/RHSA-2019:0782 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:0877 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHBA-2019:0959 (vendor-advisory, x_refsource_REDHAT)
https://www.debian.org/security/2019/dsa-4452 (vendor-advisory, x_refsource_DEBIAN)
https://seclists.org/bugtraq/2019/May/68 (mailing-list, x_refsource_BUGTRAQ)
https://security.netapp.com/advisory/ntap-20190530-0003/ (x_refsource_CONFIRM)
https://access.redhat.com/errata/RHSA-2019:1782 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:1797 (vendor-advisory, x_refsource_REDHAT)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (x_refsource_MISC)
https://access.redhat.com/errata/RHSA-2019:1822 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:1823 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:2804 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:2858 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:3002 (vendor-advisory, x_refsource_REDHAT)
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (x_refsource_MISC)
https://access.redhat.com/errata/RHSA-2019:3140 (vendor-advisory, x_refsource_REDHAT)
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E (mailing-list, x_refsource_MLIST)
https://access.redhat.com/errata/RHSA-2019:3149 (vendor-advisory, x_refsource_REDHAT)
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E (mailing-list, x_refsource_MLIST)
https://access.redhat.com/errata/RHSA-2019:3892 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:4037 (vendor-advisory, x_refsource_REDHAT)
https://www.oracle.com/security-alerts/cpuapr2020.html (x_refsource_MISC)
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E (mailing-list, x_refsource_MLIST)
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:38:13.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
          },
          {
            "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
          },
          {
            "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "RHSA-2019:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0782"
          },
          {
            "name": "RHSA-2019:0877",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0877"
          },
          {
            "name": "RHBA-2019:0959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0959"
          },
          {
            "name": "DSA-4452",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4452"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/68"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
          },
          {
            "name": "RHSA-2019:1782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1782"
          },
          {
            "name": "RHSA-2019:1797",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1797"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "RHSA-2019:1822",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1822"
          },
          {
            "name": "RHSA-2019:1823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1823"
          },
          {
            "name": "RHSA-2019:2804",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2804"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:3002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3002"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "RHSA-2019:3140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3140"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4037"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-31T13:06:29",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
        },
        {
          "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
        },
        {
          "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "name": "RHSA-2019:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0782"
        },
        {
          "name": "RHSA-2019:0877",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0877"
        },
        {
          "name": "RHBA-2019:0959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0959"
        },
        {
          "name": "DSA-4452",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4452"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/68"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
        },
        {
          "name": "RHSA-2019:1782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1782"
        },
        {
          "name": "RHSA-2019:1797",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1797"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "RHSA-2019:1822",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1822"
        },
        {
          "name": "RHSA-2019:1823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1823"
        },
        {
          "name": "RHSA-2019:2804",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2804"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:3002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3002"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "RHSA-2019:3140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3140"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4037"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14719",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2097",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
            },
            {
              "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
            },
            {
              "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "RHSA-2019:0782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0782"
            },
            {
              "name": "RHSA-2019:0877",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0877"
            },
            {
              "name": "RHBA-2019:0959",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0959"
            },
            {
              "name": "DSA-4452",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4452"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/68"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
            },
            {
              "name": "RHSA-2019:1782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1782"
            },
            {
              "name": "RHSA-2019:1797",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1797"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "RHSA-2019:1822",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1822"
            },
            {
              "name": "RHSA-2019:1823",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1823"
            },
            {
              "name": "RHSA-2019:2804",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2804"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:3002",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3002"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "RHSA-2019:3140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3140"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4037",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4037"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14719",
    "datePublished": "2019-01-02T18:00:00",
    "dateReserved": "2018-07-28T00:00:00",
    "dateUpdated": "2024-08-05T09:38:13.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14062
Vulnerability from cvelistv5
Published
2020-06-14 19:42
Modified
2024-08-04 12:32
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2704"
          },
          {
            "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:39:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2704"
        },
        {
          "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14062",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2704",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2704"
            },
            {
              "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200702-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14062",
    "datePublished": "2020-06-14T19:42:22",
    "dateReserved": "2020-06-14T00:00:00",
    "dateUpdated": "2024-08-04T12:32:14.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-24616
Vulnerability from cvelistv5
Published
2020-08-25 17:04
Modified
2024-08-04 15:19
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:19:08.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2814"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:21:59",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2814"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-24616",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2814",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2814"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200904-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-24616",
    "datePublished": "2020-08-25T17:04:08",
    "dateReserved": "2020-08-25T00:00:00",
    "dateUpdated": "2024-08-04T15:19:08.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-14439
Vulnerability from cvelistv5
Published
2019-07-30 10:49
Modified
2024-08-05 00:19
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
References
https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ — vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ — vendor-advisory, x_refsource_FEDORA
https://www.debian.org/security/2019/dsa-4542 — vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Oct/6 — mailing-list, x_refsource_BUGTRAQ
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3200 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2 — x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190814-0001/ — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2389 — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b — x_refsource_MISC
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-ae6a703b8f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
          },
          {
            "name": "FEDORA-2019-fb23eccc03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
          },
          {
            "name": "DSA-4542",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4542"
          },
          {
            "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/6"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3200"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2389"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:23:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-ae6a703b8f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
        },
        {
          "name": "FEDORA-2019-fb23eccc03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
        },
        {
          "name": "DSA-4542",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4542"
        },
        {
          "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/6"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3200"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2389"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14439",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-ae6a703b8f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
            },
            {
              "name": "FEDORA-2019-fb23eccc03",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
            },
            {
              "name": "DSA-4542",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4542"
            },
            {
              "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/6"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3200",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3200"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190814-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2389",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2389"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14439",
    "datePublished": "2019-07-30T10:49:43",
    "dateReserved": "2019-07-30T00:00:00",
    "dateUpdated": "2024-08-05T00:19:41.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-12814
Vulnerability from cvelistv5
Published
2019-06-19 13:24
Modified
2024-08-04 23:32
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has a JDOM 1.x or 2.x jar on the classpath, an attacker can send a specially crafted JSON message that allows them to read arbitrary local files on the server. Per the references listed below, downstream projects addressed this by moving to jackson-databind 2.9.9.1 (Accumulo) or 2.9.9.3 (TomEE).
References
https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ — vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ — vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ — vendor-advisory, x_refsource_FEDORA
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2937 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2935 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2936 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2938 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3044 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3045 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3050 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3046 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3200 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3292 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3297 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2341 — x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190625-0006/ — x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
Impacted products
n/a, n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:32:55.182Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
          },
          {
            "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-99ff6aa32c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
          },
          {
            "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-ae6a703b8f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
          },
          {
            "name": "FEDORA-2019-fb23eccc03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:2937",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2937"
          },
          {
            "name": "RHSA-2019:2935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2935"
          },
          {
            "name": "RHSA-2019:2936",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2936"
          },
          {
            "name": "RHSA-2019:2938",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2938"
          },
          {
            "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3044",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3044"
          },
          {
            "name": "RHSA-2019:3045",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3045"
          },
          {
            "name": "RHSA-2019:3050",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3050"
          },
          {
            "name": "RHSA-2019:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3046"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3200"
          },
          {
            "name": "RHSA-2019:3292",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3292"
          },
          {
            "name": "RHSA-2019:3297",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3297"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2341"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:57",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
        },
        {
          "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-99ff6aa32c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
        },
        {
          "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-ae6a703b8f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
        },
        {
          "name": "FEDORA-2019-fb23eccc03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:2937",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2937"
        },
        {
          "name": "RHSA-2019:2935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2935"
        },
        {
          "name": "RHSA-2019:2936",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2936"
        },
        {
          "name": "RHSA-2019:2938",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2938"
        },
        {
          "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3044",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3044"
        },
        {
          "name": "RHSA-2019:3045",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3045"
        },
        {
          "name": "RHSA-2019:3050",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3050"
        },
        {
          "name": "RHSA-2019:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3046"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3200"
        },
        {
          "name": "RHSA-2019:3292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3292"
        },
        {
          "name": "RHSA-2019:3297",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3297"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2341"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12814",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
            },
            {
              "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-99ff6aa32c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
            },
            {
              "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-ae6a703b8f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
            },
            {
              "name": "FEDORA-2019-fb23eccc03",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:2937",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2937"
            },
            {
              "name": "RHSA-2019:2935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2935"
            },
            {
              "name": "RHSA-2019:2936",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2936"
            },
            {
              "name": "RHSA-2019:2938",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2938"
            },
            {
              "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3044",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3044"
            },
            {
              "name": "RHSA-2019:3045",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3045"
            },
            {
              "name": "RHSA-2019:3050",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3050"
            },
            {
              "name": "RHSA-2019:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3046"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3200",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3200"
            },
            {
              "name": "RHSA-2019:3292",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3292"
            },
            {
              "name": "RHSA-2019:3297",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3297"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2341",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2341"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190625-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12814",
    "datePublished": "2019-06-19T13:24:44",
    "dateReserved": "2019-06-13T00:00:00",
    "dateUpdated": "2024-08-04T23:32:55.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-14379
Vulnerability from cvelistv5
Published
2019-07-29 11:42
Modified
2024-08-05 00:19
Severity ?
Summary
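SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. Exposure depends on the application enabling default typing (polymorphic type handling) for JSON from an untrusted source while ehcache is on the classpath; releases from 2.9.9.2 onward reject this class in SubTypeValidator, so upgrading and avoiding default typing on untrusted input are the relevant mitigations.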
References
https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E (mailing-list, x_refsource_MLIST)
https://access.redhat.com/errata/RHSA-2019:2743 (vendor-advisory, x_refsource_REDHAT)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ (vendor-advisory, x_refsource_FEDORA)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ (vendor-advisory, x_refsource_FEDORA)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ (vendor-advisory, x_refsource_FEDORA)
https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E (mailing-list, x_refsource_MLIST)
https://access.redhat.com/errata/RHSA-2019:2858 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:2937 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:2935 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:2936 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:2938 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:2998 (vendor-advisory, x_refsource_REDHAT)
https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3E (mailing-list, x_refsource_MLIST)
https://access.redhat.com/errata/RHBA-2019:2824 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:3044 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:3045 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:3050 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:3046 (vendor-advisory, x_refsource_REDHAT)
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E (mailing-list, x_refsource_MLIST)
https://access.redhat.com/errata/RHSA-2019:3149 (vendor-advisory, x_refsource_REDHAT)
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E (mailing-list, x_refsource_MLIST)
https://access.redhat.com/errata/RHSA-2019:3200 (vendor-advisory, x_refsource_REDHAT)
https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E (mailing-list, x_refsource_MLIST)
https://access.redhat.com/errata/RHSA-2019:3292 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:3297 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:3901 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2020:0727 (vendor-advisory, x_refsource_REDHAT)
https://www.oracle.com/security-alerts/cpuapr2020.html (x_refsource_MISC)
https://www.oracle.com/security-alerts/cpujul2020.html (x_refsource_MISC)
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (x_refsource_MISC)
https://www.oracle.com/security-alerts/cpujan2020.html (x_refsource_MISC)
https://github.com/FasterXML/jackson-databind/issues/2387 (x_refsource_MISC)
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2 (x_refsource_MISC)
https://security.netapp.com/advisory/ntap-20190814-0001/ (x_refsource_CONFIRM)
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E (mailing-list, x_refsource_MLIST)
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E (mailing-list, x_refsource_MLIST)
https://www.oracle.com/security-alerts/cpuoct2020.html (x_refsource_MISC)
https://www.oracle.com/security-alerts/cpuApr2021.html (x_refsource_MISC)
https://support.apple.com/kb/HT213189 (x_refsource_CONFIRM)
http://seclists.org/fulldisclosure/2022/Mar/23 (mailing-list, x_refsource_FULLDISC)
Impacted products
n/a, n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:40.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
          },
          {
            "name": "[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3E"
          },
          {
            "name": "[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "RHSA-2019:2743",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2743"
          },
          {
            "name": "FEDORA-2019-99ff6aa32c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
          },
          {
            "name": "FEDORA-2019-ae6a703b8f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
          },
          {
            "name": "FEDORA-2019-fb23eccc03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
          },
          {
            "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:2937",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2937"
          },
          {
            "name": "RHSA-2019:2935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2935"
          },
          {
            "name": "RHSA-2019:2936",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2936"
          },
          {
            "name": "RHSA-2019:2938",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2938"
          },
          {
            "name": "RHSA-2019:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2998"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "RHBA-2019:2824",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:2824"
          },
          {
            "name": "RHSA-2019:3044",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3044"
          },
          {
            "name": "RHSA-2019:3045",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3045"
          },
          {
            "name": "RHSA-2019:3050",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3050"
          },
          {
            "name": "RHSA-2019:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3046"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3200"
          },
          {
            "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3292",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3292"
          },
          {
            "name": "RHSA-2019:3297",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3297"
          },
          {
            "name": "RHSA-2019:3901",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3901"
          },
          {
            "name": "RHSA-2020:0727",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0727"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2387"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213189"
          },
          {
            "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-15T05:06:54",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
        },
        {
          "name": "[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3E"
        },
        {
          "name": "[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "RHSA-2019:2743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2743"
        },
        {
          "name": "FEDORA-2019-99ff6aa32c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
        },
        {
          "name": "FEDORA-2019-ae6a703b8f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
        },
        {
          "name": "FEDORA-2019-fb23eccc03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
        },
        {
          "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:2937",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2937"
        },
        {
          "name": "RHSA-2019:2935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2935"
        },
        {
          "name": "RHSA-2019:2936",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2936"
        },
        {
          "name": "RHSA-2019:2938",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2938"
        },
        {
          "name": "RHSA-2019:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2998"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "RHBA-2019:2824",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:2824"
        },
        {
          "name": "RHSA-2019:3044",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3044"
        },
        {
          "name": "RHSA-2019:3045",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3045"
        },
        {
          "name": "RHSA-2019:3050",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3050"
        },
        {
          "name": "RHSA-2019:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3046"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3200"
        },
        {
          "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3292"
        },
        {
          "name": "RHSA-2019:3297",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3297"
        },
        {
          "name": "RHSA-2019:3901",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3901"
        },
        {
          "name": "RHSA-2020:0727",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0727"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2387"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT213189"
        },
        {
          "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14379",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
            },
            {
              "name": "[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E"
            },
            {
              "name": "[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2743",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2743"
            },
            {
              "name": "FEDORA-2019-99ff6aa32c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
            },
            {
              "name": "FEDORA-2019-ae6a703b8f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
            },
            {
              "name": "FEDORA-2019-fb23eccc03",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
            },
            {
              "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:2937",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2937"
            },
            {
              "name": "RHSA-2019:2935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2935"
            },
            {
              "name": "RHSA-2019:2936",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2936"
            },
            {
              "name": "RHSA-2019:2938",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2938"
            },
            {
              "name": "RHSA-2019:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2998"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "RHBA-2019:2824",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:2824"
            },
            {
              "name": "RHSA-2019:3044",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3044"
            },
            {
              "name": "RHSA-2019:3045",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3045"
            },
            {
              "name": "RHSA-2019:3050",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3050"
            },
            {
              "name": "RHSA-2019:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3046"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3200",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3200"
            },
            {
              "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3292",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3292"
            },
            {
              "name": "RHSA-2019:3297",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3297"
            },
            {
              "name": "RHSA-2019:3901",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3901"
            },
            {
              "name": "RHSA-2020:0727",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0727"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2387",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2387"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190814-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://support.apple.com/kb/HT213189",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT213189"
            },
            {
              "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14379",
    "datePublished": "2019-07-29T11:42:42",
    "dateReserved": "2019-07-29T00:00:00",
    "dateUpdated": "2024-08-05T00:19:40.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-9548
Vulnerability from cvelistv5
Published
2020-03-02 03:58
Modified
2024-08-04 10:34
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
References
https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2634 — x_refsource_MISC
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200904-0006/ — x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html — x_refsource_MISC
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
          },
          {
            "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2634"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:40:31",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
        },
        {
          "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2634"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-9548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2634",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2634"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200904-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-9548",
    "datePublished": "2020-03-02T03:58:55",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-15095
Vulnerability from cvelistv5
Published
2018-02-06 15:00
Modified
2024-09-16 22:57
Severity ?
Summary
A deserialization flaw was discovered in jackson-databind versions before 2.8.10 and 2.9.1 that could allow an unauthenticated user to execute code by sending maliciously crafted input to the readValue method of ObjectMapper. The fix extends the one for the earlier flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously; the record classifies the weakness as CWE-184.
References
https://access.redhat.com/errata/RHSA-2018:1448 — vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/103880 — vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0479 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0481 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1449 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1450 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0577 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0576 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3190 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1451 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3189 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2927 — vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039769 — vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:0342 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0480 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1447 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0478 — vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4037 — vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3892 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html — mailing-list, x_refsource_MLIST
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html — x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html — x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html — x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html — x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
https://security.netapp.com/advisory/ntap-20171214-0003/ — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1737 — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1680 — x_refsource_CONFIRM
Impacted products
Vendor: FasterXML, Product: jackson-databind


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:50:14.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1448",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1448"
          },
          {
            "name": "103880",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103880"
          },
          {
            "name": "RHSA-2018:0479",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0479"
          },
          {
            "name": "RHSA-2018:0481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0481"
          },
          {
            "name": "RHSA-2018:1449",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1449"
          },
          {
            "name": "RHSA-2018:1450",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1450"
          },
          {
            "name": "RHSA-2018:0577",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0577"
          },
          {
            "name": "RHSA-2018:0576",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0576"
          },
          {
            "name": "RHSA-2017:3190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3190"
          },
          {
            "name": "RHSA-2018:1451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1451"
          },
          {
            "name": "RHSA-2017:3189",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3189"
          },
          {
            "name": "RHSA-2018:2927",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2927"
          },
          {
            "name": "1039769",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039769"
          },
          {
            "name": "RHSA-2018:0342",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0342"
          },
          {
            "name": "RHSA-2018:0480",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0480"
          },
          {
            "name": "RHSA-2018:1447",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1447"
          },
          {
            "name": "RHSA-2018:0478",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0478"
          },
          {
            "name": "DSA-4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4037"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171214-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/1737"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/1680"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jackson-databind",
          "vendor": "FasterXML",
          "versions": [
            {
              "status": "affected",
              "version": "before 2.8.10"
            },
            {
              "status": "affected",
              "version": "before 2.9.1"
            }
          ]
        }
      ],
      "datePublic": "2017-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-184",
              "description": "CWE-184",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:51",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:1448",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1448"
        },
        {
          "name": "103880",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103880"
        },
        {
          "name": "RHSA-2018:0479",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0479"
        },
        {
          "name": "RHSA-2018:0481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0481"
        },
        {
          "name": "RHSA-2018:1449",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1449"
        },
        {
          "name": "RHSA-2018:1450",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1450"
        },
        {
          "name": "RHSA-2018:0577",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0577"
        },
        {
          "name": "RHSA-2018:0576",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0576"
        },
        {
          "name": "RHSA-2017:3190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3190"
        },
        {
          "name": "RHSA-2018:1451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1451"
        },
        {
          "name": "RHSA-2017:3189",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3189"
        },
        {
          "name": "RHSA-2018:2927",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2927"
        },
        {
          "name": "1039769",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039769"
        },
        {
          "name": "RHSA-2018:0342",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0342"
        },
        {
          "name": "RHSA-2018:0480",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0480"
        },
        {
          "name": "RHSA-2018:1447",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1447"
        },
        {
          "name": "RHSA-2018:0478",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0478"
        },
        {
          "name": "DSA-4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4037"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171214-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/1737"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/1680"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2017-06-27T00:00:00",
          "ID": "CVE-2017-15095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "jackson-databind",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 2.8.10"
                          },
                          {
                            "version_value": "before 2.9.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FasterXML"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-184"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1448",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1448"
            },
            {
              "name": "103880",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103880"
            },
            {
              "name": "RHSA-2018:0479",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0479"
            },
            {
              "name": "RHSA-2018:0481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0481"
            },
            {
              "name": "RHSA-2018:1449",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1449"
            },
            {
              "name": "RHSA-2018:1450",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1450"
            },
            {
              "name": "RHSA-2018:0577",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0577"
            },
            {
              "name": "RHSA-2018:0576",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0576"
            },
            {
              "name": "RHSA-2017:3190",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3190"
            },
            {
              "name": "RHSA-2018:1451",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1451"
            },
            {
              "name": "RHSA-2017:3189",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3189"
            },
            {
              "name": "RHSA-2018:2927",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2927"
            },
            {
              "name": "1039769",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039769"
            },
            {
              "name": "RHSA-2018:0342",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0342"
            },
            {
              "name": "RHSA-2018:0480",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0480"
            },
            {
              "name": "RHSA-2018:1447",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1447"
            },
            {
              "name": "RHSA-2018:0478",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0478"
            },
            {
              "name": "DSA-4037",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4037"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171214-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171214-0003/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/1737",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/1737"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/1680",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/1680"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-15095",
    "datePublished": "2018-02-06T15:00:00Z",
    "dateReserved": "2017-10-08T00:00:00",
    "dateUpdated": "2024-09-16T22:57:07.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11619
Vulnerability from cvelistv5
Published
2020-04-07 22:14
Modified
2024-08-04 11:35
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:13.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2680"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T14:42:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2680"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11619",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2680",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2680"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200511-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11619",
    "datePublished": "2020-04-07T22:14:09",
    "dateReserved": "2020-04-07T00:00:00",
    "dateUpdated": "2024-08-04T11:35:13.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-17267
Vulnerability from cvelistv5
Published
2019-10-06 23:08
Modified
2024-08-05 01:33
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
References
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E | mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3200 | vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E | mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0164 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0159 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0160 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0161 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0445 | vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8%40%3Cdev.skywalking.apache.org%3E | mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC
https://security.netapp.com/advisory/ntap-20191017-0006/ | x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2460 | x_refsource_MISC
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10 | x_refsource_MISC
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E | mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC
Impacted products
n/a | n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:33:17.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3200"
          },
          {
            "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html"
          },
          {
            "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "RHSA-2020:0164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0164"
          },
          {
            "name": "RHSA-2020:0159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0159"
          },
          {
            "name": "RHSA-2020:0160",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0160"
          },
          {
            "name": "RHSA-2020:0161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0161"
          },
          {
            "name": "RHSA-2020:0445",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0445"
          },
          {
            "name": "[skywalking-dev] 20200324 [CVE-2019-17267] Upgrade jackson-databind version to 2.9.10",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8%40%3Cdev.skywalking.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2460"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:58",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3200"
        },
        {
          "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html"
        },
        {
          "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "RHSA-2020:0164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0164"
        },
        {
          "name": "RHSA-2020:0159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0159"
        },
        {
          "name": "RHSA-2020:0160",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0160"
        },
        {
          "name": "RHSA-2020:0161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0161"
        },
        {
          "name": "RHSA-2020:0445",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0445"
        },
        {
          "name": "[skywalking-dev] 20200324 [CVE-2019-17267] Upgrade jackson-databind version to 2.9.10",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8%40%3Cdev.skywalking.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2460"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17267",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3200",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3200"
            },
            {
              "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html"
            },
            {
              "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "RHSA-2020:0164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0164"
            },
            {
              "name": "RHSA-2020:0159",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0159"
            },
            {
              "name": "RHSA-2020:0160",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0160"
            },
            {
              "name": "RHSA-2020:0161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0161"
            },
            {
              "name": "RHSA-2020:0445",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0445"
            },
            {
              "name": "[skywalking-dev] 20200324 [CVE-2019-17267] Upgrade jackson-databind version to 2.9.10",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8@%3Cdev.skywalking.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191017-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2460",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2460"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17267",
    "datePublished": "2019-10-06T23:08:53",
    "dateReserved": "2019-10-06T00:00:00",
    "dateUpdated": "2024-08-05T01:33:17.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11111
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
Impacted products
n/a | n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-11111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:44.621248Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:18.053Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2664"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:48",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2664"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11111",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2664",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2664"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11111",
    "datePublished": "2020-03-31T04:37:49",
    "dateReserved": "2020-03-31T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35491
Vulnerability from cvelistv5
Published
2020-12-17 18:43
Modified
2024-08-04 17:02
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2986"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:19:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2986"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35491",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2986",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2986"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210122-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35491",
    "datePublished": "2020-12-17T18:43:41",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10673
Vulnerability from cvelistv5
Published
2020-03-18 21:17
Modified
2024-08-04 11:06
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-10673",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:47.873963Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T19:56:37.760Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:10.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:39",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10673",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2660",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10673",
    "datePublished": "2020-03-18T21:17:26",
    "dateReserved": "2020-03-18T00:00:00",
    "dateUpdated": "2024-08-04T11:06:10.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14061
Vulnerability from cvelistv5
Published
2020-06-14 19:42
Modified
2024-08-04 12:32
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2698"
          },
          {
            "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:39:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2698"
        },
        {
          "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14061",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2698",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2698"
            },
            {
              "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200702-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14061",
    "datePublished": "2020-06-14T19:42:39",
    "dateReserved": "2020-06-14T00:00:00",
    "dateUpdated": "2024-08-04T12:32:14.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-19362
Vulnerability from cvelistv5
Published
2019-01-02 18:00
Modified
2024-08-05 11:37
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
References
https://github.com/FasterXML/jackson-databind/issues/2186 — x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html — mailing-list, x_refsource_MLIST
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8 — x_refsource_CONFIRM
https://issues.apache.org/jira/browse/TINKERPOP-2121 — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b — x_refsource_CONFIRM
https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html — x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:0782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0877 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:0959 — vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4452 — vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/May/68 — mailing-list, x_refsource_BUGTRAQ
https://security.netapp.com/advisory/ntap-20190530-0003/ — x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:1782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1797 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html — x_refsource_MISC
http://www.securityfocus.com/bid/107985 — vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2019:1822 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1823 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2804 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3002 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html — x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:3140 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3892 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4037 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpujan2020.html — x_refsource_MISC
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E — mailing-list, x_refsource_MLIST
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:37:09.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2186"
          },
          {
            "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
          },
          {
            "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "RHSA-2019:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0782"
          },
          {
            "name": "RHSA-2019:0877",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0877"
          },
          {
            "name": "RHBA-2019:0959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0959"
          },
          {
            "name": "DSA-4452",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4452"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/68"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
          },
          {
            "name": "RHSA-2019:1782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1782"
          },
          {
            "name": "RHSA-2019:1797",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1797"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "107985",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107985"
          },
          {
            "name": "RHSA-2019:1822",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1822"
          },
          {
            "name": "RHSA-2019:1823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1823"
          },
          {
            "name": "RHSA-2019:2804",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2804"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:3002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3002"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "RHSA-2019:3140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3140"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4037"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-11-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-31T13:06:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2186"
        },
        {
          "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
        },
        {
          "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "name": "RHSA-2019:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0782"
        },
        {
          "name": "RHSA-2019:0877",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0877"
        },
        {
          "name": "RHBA-2019:0959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0959"
        },
        {
          "name": "DSA-4452",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4452"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/68"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
        },
        {
          "name": "RHSA-2019:1782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1782"
        },
        {
          "name": "RHSA-2019:1797",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1797"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "107985",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107985"
        },
        {
          "name": "RHSA-2019:1822",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1822"
        },
        {
          "name": "RHSA-2019:1823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1823"
        },
        {
          "name": "RHSA-2019:2804",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2804"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:3002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3002"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "RHSA-2019:3140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3140"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4037"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-19362",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2186",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2186"
            },
            {
              "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
            },
            {
              "name": "https://issues.apache.org/jira/browse/TINKERPOP-2121",
              "refsource": "CONFIRM",
              "url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
            },
            {
              "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "RHSA-2019:0782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0782"
            },
            {
              "name": "RHSA-2019:0877",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0877"
            },
            {
              "name": "RHBA-2019:0959",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0959"
            },
            {
              "name": "DSA-4452",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4452"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/68"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
            },
            {
              "name": "RHSA-2019:1782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1782"
            },
            {
              "name": "RHSA-2019:1797",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1797"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "107985",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107985"
            },
            {
              "name": "RHSA-2019:1822",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1822"
            },
            {
              "name": "RHSA-2019:1823",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1823"
            },
            {
              "name": "RHSA-2019:2804",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2804"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:3002",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3002"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "RHSA-2019:3140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3140"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4037",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4037"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-19362",
    "datePublished": "2019-01-02T18:00:00",
    "dateReserved": "2018-11-19T00:00:00",
    "dateUpdated": "2024-08-05T11:37:09.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-11307
Vulnerability from cvelistv5
Published
2019-07-09 15:37
Modified
2024-08-05 08:01
Severity ?
Summary
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
References
https://access.redhat.com/errata/RHSA-2019:1822 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1823 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2804 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3002 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3140 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3892 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4037 — vendor-advisory, x_refsource_REDHAT
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 — x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2017-7525 — x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:0782 — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2032 — x_refsource_MISC
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:01:52.866Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:1822",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1822"
          },
          {
            "name": "RHSA-2019:1823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1823"
          },
          {
            "name": "RHSA-2019:2804",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2804"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3002"
          },
          {
            "name": "RHSA-2019:3140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3140"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4037"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0782"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2032"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2019:1822",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1822"
        },
        {
          "name": "RHSA-2019:1823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1823"
        },
        {
          "name": "RHSA-2019:2804",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2804"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3002"
        },
        {
          "name": "RHSA-2019:3140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3140"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4037"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0782"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2032"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-11307",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2019:1822",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1822"
            },
            {
              "name": "RHSA-2019:1823",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1823"
            },
            {
              "name": "RHSA-2019:2804",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2804"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3002",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3002"
            },
            {
              "name": "RHSA-2019:3140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3140"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4037",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4037"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525",
              "refsource": "MISC",
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525"
            },
            {
              "name": "https://access.redhat.com/errata/RHSA-2019:0782",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/errata/RHSA-2019:0782"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2032",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2032"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-11307",
    "datePublished": "2019-07-09T15:37:25",
    "dateReserved": "2018-05-18T00:00:00",
    "dateUpdated": "2024-08-05T08:01:52.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-25649
Vulnerability from cvelistv5
Published
2020-12-03 16:16
Modified
2024-08-04 15:40
Severity ?
Summary
A flaw was found in FasterXML Jackson Databind: entity expansion was not secured properly, which leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity. Per the references below, downstream projects remediated by upgrading jackson-databind to 2.10.5.1 or 2.11.0+.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1887664 x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2589 x_refsource_MISC
https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/ vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210108-0007/ x_refsource_CONFIRM
https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E mailing-list, x_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.html x_refsource_MISC
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html x_refsource_MISC
Impacted products
n/a | jackson-databind


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2589"
          },
          {
            "name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "FEDORA-2021-1d8254899c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
          },
          {
            "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
          },
          {
            "name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
          },
          {
            "name": "[spark-user] 20210621 Re: CVEs",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jackson-databind",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "jackson-databind-2.11.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in FasterXML Jackson Databind, which did not properly secure entity expansion. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:15:31",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2589"
        },
        {
          "name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "FEDORA-2021-1d8254899c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
        },
        {
          "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
        },
        {
          "name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
        },
        {
          "name": "[spark-user] 20210621 Re: CVEs",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25649",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "jackson-databind",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "jackson-databind-2.11.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2589",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2589"
            },
            {
              "name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "FEDORA-2021-1d8254899c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
            },
            {
              "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E"
            },
            {
              "name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E"
            },
            {
              "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E"
            },
            {
              "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E"
            },
            {
              "name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E"
            },
            {
              "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210108-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
            },
            {
              "name": "[spark-user] 20210621 Re: CVEs",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25649",
    "datePublished": "2020-12-03T16:16:50",
    "dateReserved": "2020-09-16T00:00:00",
    "dateUpdated": "2024-08-04T15:40:36.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36187
Vulnerability from cvelistv5
Published
2021-01-06 22:29
Modified
2024-08-04 17:23
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:21:52",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36187",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2997",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2997"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36187",
    "datePublished": "2021-01-06T22:29:44",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14720
Vulnerability from cvelistv5
Published
2019-01-02 18:00
Modified
2024-08-05 09:38
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
References
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2097 — x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html — x_refsource_CONFIRM
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7 — x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html — x_refsource_MISC
https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:0782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:0959 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1107 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1108 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1106 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1140 — vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4452 — vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/May/68 — mailing-list, x_refsource_BUGTRAQ
https://security.netapp.com/advisory/ntap-20190530-0003/ — x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html — x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:1822 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1823 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html — x_refsource_MISC
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3892 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4037 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E — mailing-list, x_refsource_MLIST
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:38:13.593Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
          },
          {
            "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
          },
          {
            "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "RHSA-2019:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0782"
          },
          {
            "name": "RHBA-2019:0959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0959"
          },
          {
            "name": "RHSA-2019:1107",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1107"
          },
          {
            "name": "RHSA-2019:1108",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1108"
          },
          {
            "name": "RHSA-2019:1106",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1106"
          },
          {
            "name": "RHSA-2019:1140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1140"
          },
          {
            "name": "DSA-4452",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4452"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/68"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "RHSA-2019:1822",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1822"
          },
          {
            "name": "RHSA-2019:1823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1823"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4037"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-31T13:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
        },
        {
          "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
        },
        {
          "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "RHSA-2019:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0782"
        },
        {
          "name": "RHBA-2019:0959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0959"
        },
        {
          "name": "RHSA-2019:1107",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1107"
        },
        {
          "name": "RHSA-2019:1108",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1108"
        },
        {
          "name": "RHSA-2019:1106",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1106"
        },
        {
          "name": "RHSA-2019:1140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1140"
        },
        {
          "name": "DSA-4452",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4452"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/68"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "RHSA-2019:1822",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1822"
        },
        {
          "name": "RHSA-2019:1823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1823"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4037"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14720",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2097",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
            },
            {
              "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
            },
            {
              "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "RHSA-2019:0782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0782"
            },
            {
              "name": "RHBA-2019:0959",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0959"
            },
            {
              "name": "RHSA-2019:1107",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1107"
            },
            {
              "name": "RHSA-2019:1108",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1108"
            },
            {
              "name": "RHSA-2019:1106",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1106"
            },
            {
              "name": "RHSA-2019:1140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1140"
            },
            {
              "name": "DSA-4452",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4452"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/68"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "RHSA-2019:1822",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1822"
            },
            {
              "name": "RHSA-2019:1823",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1823"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4037",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4037"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14720",
    "datePublished": "2019-01-02T18:00:00",
    "dateReserved": "2018-07-28T00:00:00",
    "dateUpdated": "2024-08-05T09:38:13.593Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7525
Vulnerability from cvelistv5
Published
2018-02-06 15:00
Modified
2024-09-17 02:21
Severity ?
Summary
A deserialization flaw was discovered in jackson-databind versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to execute code by sending maliciously crafted input to the readValue method of the ObjectMapper.
References
http://www.securitytracker.com/id/1040360 vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1840 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2547 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1836 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1835 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1449 vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039744 vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1039947 vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:2635 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2638 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1450 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3458 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0294 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1837 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1834 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2546 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2636 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3455 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2477 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3456 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0342 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1839 vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/99623 vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:2637 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3454 vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4004 vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3141 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2633 vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:0910 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3149 vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html mailing-list, x_refsource_MLIST
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1723 x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1599 x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1462702 x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20171214-0002/ x_refsource_CONFIRM
https://cwiki.apache.org/confluence/display/WW/S2-055 x_refsource_CONFIRM
https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E mailing-list, x_refsource_MLIST
Impacted products
FasterXML jackson-databind


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040360",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040360"
          },
          {
            "name": "RHSA-2017:1840",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1840"
          },
          {
            "name": "RHSA-2017:2547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2547"
          },
          {
            "name": "RHSA-2017:1836",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1836"
          },
          {
            "name": "RHSA-2017:1835",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1835"
          },
          {
            "name": "RHSA-2018:1449",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1449"
          },
          {
            "name": "1039744",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039744"
          },
          {
            "name": "1039947",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039947"
          },
          {
            "name": "RHSA-2017:2635",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2635"
          },
          {
            "name": "RHSA-2017:2638",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2638"
          },
          {
            "name": "RHSA-2018:1450",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1450"
          },
          {
            "name": "RHSA-2017:3458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3458"
          },
          {
            "name": "RHSA-2018:0294",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0294"
          },
          {
            "name": "RHSA-2017:1837",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1837"
          },
          {
            "name": "RHSA-2017:1834",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1834"
          },
          {
            "name": "RHSA-2017:2546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2546"
          },
          {
            "name": "RHSA-2017:2636",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2636"
          },
          {
            "name": "RHSA-2017:3455",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3455"
          },
          {
            "name": "RHSA-2017:2477",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2477"
          },
          {
            "name": "RHSA-2017:3456",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3456"
          },
          {
            "name": "RHSA-2018:0342",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0342"
          },
          {
            "name": "RHSA-2017:1839",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1839"
          },
          {
            "name": "99623",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99623"
          },
          {
            "name": "RHSA-2017:2637",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2637"
          },
          {
            "name": "RHSA-2017:3454",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3454"
          },
          {
            "name": "DSA-4004",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4004"
          },
          {
            "name": "RHSA-2017:3141",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3141"
          },
          {
            "name": "RHSA-2017:2633",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2633"
          },
          {
            "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "RHSA-2019:0910",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0910"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/1723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/1599"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171214-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
          },
          {
            "name": "[spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E"
          },
          {
            "name": "[cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jackson-databind",
          "vendor": "FasterXML",
          "versions": [
            {
              "status": "affected",
              "version": "before 2.6.7.1"
            },
            {
              "status": "affected",
              "version": "before 2.7.9.1"
            },
            {
              "status": "affected",
              "version": "before 2.8.9"
            }
          ]
        }
      ],
      "datePublic": "2017-04-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A deserialization flaw was discovered in jackson-databind, in versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-184",
              "description": "CWE-184",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-27T17:06:10",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1040360",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040360"
        },
        {
          "name": "RHSA-2017:1840",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1840"
        },
        {
          "name": "RHSA-2017:2547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2547"
        },
        {
          "name": "RHSA-2017:1836",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1836"
        },
        {
          "name": "RHSA-2017:1835",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1835"
        },
        {
          "name": "RHSA-2018:1449",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1449"
        },
        {
          "name": "1039744",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039744"
        },
        {
          "name": "1039947",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039947"
        },
        {
          "name": "RHSA-2017:2635",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2635"
        },
        {
          "name": "RHSA-2017:2638",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2638"
        },
        {
          "name": "RHSA-2018:1450",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1450"
        },
        {
          "name": "RHSA-2017:3458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3458"
        },
        {
          "name": "RHSA-2018:0294",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0294"
        },
        {
          "name": "RHSA-2017:1837",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1837"
        },
        {
          "name": "RHSA-2017:1834",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1834"
        },
        {
          "name": "RHSA-2017:2546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2546"
        },
        {
          "name": "RHSA-2017:2636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2636"
        },
        {
          "name": "RHSA-2017:3455",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3455"
        },
        {
          "name": "RHSA-2017:2477",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2477"
        },
        {
          "name": "RHSA-2017:3456",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3456"
        },
        {
          "name": "RHSA-2018:0342",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0342"
        },
        {
          "name": "RHSA-2017:1839",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1839"
        },
        {
          "name": "99623",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99623"
        },
        {
          "name": "RHSA-2017:2637",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2637"
        },
        {
          "name": "RHSA-2017:3454",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3454"
        },
        {
          "name": "DSA-4004",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4004"
        },
        {
          "name": "RHSA-2017:3141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3141"
        },
        {
          "name": "RHSA-2017:2633",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2633"
        },
        {
          "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "RHSA-2019:0910",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0910"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/1723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/1599"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171214-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
        },
        {
          "name": "[spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E"
        },
        {
          "name": "[cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2017-04-11T00:00:00",
          "ID": "CVE-2017-7525",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "jackson-databind",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 2.6.7.1"
                          },
                          {
                            "version_value": "before 2.7.9.1"
                          },
                          {
                            "version_value": "before 2.8.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FasterXML"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A deserialization flaw was discovered in jackson-databind, in versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-184"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040360",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040360"
            },
            {
              "name": "RHSA-2017:1840",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1840"
            },
            {
              "name": "RHSA-2017:2547",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2547"
            },
            {
              "name": "RHSA-2017:1836",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1836"
            },
            {
              "name": "RHSA-2017:1835",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1835"
            },
            {
              "name": "RHSA-2018:1449",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1449"
            },
            {
              "name": "1039744",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039744"
            },
            {
              "name": "1039947",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039947"
            },
            {
              "name": "RHSA-2017:2635",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2635"
            },
            {
              "name": "RHSA-2017:2638",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2638"
            },
            {
              "name": "RHSA-2018:1450",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1450"
            },
            {
              "name": "RHSA-2017:3458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3458"
            },
            {
              "name": "RHSA-2018:0294",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0294"
            },
            {
              "name": "RHSA-2017:1837",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1837"
            },
            {
              "name": "RHSA-2017:1834",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1834"
            },
            {
              "name": "RHSA-2017:2546",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2546"
            },
            {
              "name": "RHSA-2017:2636",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2636"
            },
            {
              "name": "RHSA-2017:3455",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3455"
            },
            {
              "name": "RHSA-2017:2477",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2477"
            },
            {
              "name": "RHSA-2017:3456",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3456"
            },
            {
              "name": "RHSA-2018:0342",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0342"
            },
            {
              "name": "RHSA-2017:1839",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1839"
            },
            {
              "name": "99623",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99623"
            },
            {
              "name": "RHSA-2017:2637",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2637"
            },
            {
              "name": "RHSA-2017:3454",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3454"
            },
            {
              "name": "DSA-4004",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4004"
            },
            {
              "name": "RHSA-2017:3141",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3141"
            },
            {
              "name": "RHSA-2017:2633",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2633"
            },
            {
              "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "RHSA-2019:0910",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0910"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "[debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/1723",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/1723"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/1599",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/1599"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171214-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171214-0002/"
            },
            {
              "name": "https://cwiki.apache.org/confluence/display/WW/S2-055",
              "refsource": "CONFIRM",
              "url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
            },
            {
              "name": "[spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E"
            },
            {
              "name": "[cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "[cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7525",
    "datePublished": "2018-02-06T15:00:00Z",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-09-17T02:21:29.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-12022
Vulnerability from cvelistv5
Published
2019-03-17 18:14
Modified
2024-08-05 08:24
Summary
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. If Default Typing is enabled (either globally or for a specific property), the Jodd-db jar (database access for the Jodd framework) is on the service's classpath, and an attacker can provide an LDAP service for the service to access, then it is possible to make the service execute a malicious payload.
References
https://access.redhat.com/errata/RHSA-2019:0782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0877 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:0959 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1107 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1108 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1106 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1140 — vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4452 — vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/May/68 — mailing-list, x_refsource_BUGTRAQ
https://access.redhat.com/errata/RHSA-2019:1782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1797 — vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/107585 — vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2019:1822 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1823 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2804 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3002 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3140 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3892 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4037 — vendor-advisory, x_refsource_REDHAT
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 — x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html — x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/ — x_refsource_MISC
https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf — x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190530-0003/ — x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1671098 — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2052 — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a — x_refsource_CONFIRM
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:24:03.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0782"
          },
          {
            "name": "RHSA-2019:0877",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0877"
          },
          {
            "name": "RHBA-2019:0959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0959"
          },
          {
            "name": "RHSA-2019:1107",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1107"
          },
          {
            "name": "RHSA-2019:1108",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1108"
          },
          {
            "name": "RHSA-2019:1106",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1106"
          },
          {
            "name": "RHSA-2019:1140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1140"
          },
          {
            "name": "DSA-4452",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4452"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/68"
          },
          {
            "name": "RHSA-2019:1782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1782"
          },
          {
            "name": "RHSA-2019:1797",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1797"
          },
          {
            "name": "107585",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107585"
          },
          {
            "name": "RHSA-2019:1822",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1822"
          },
          {
            "name": "RHSA-2019:1823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1823"
          },
          {
            "name": "RHSA-2019:2804",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2804"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3002"
          },
          {
            "name": "RHSA-2019:3140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3140"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4037"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2052"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2019:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0782"
        },
        {
          "name": "RHSA-2019:0877",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0877"
        },
        {
          "name": "RHBA-2019:0959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0959"
        },
        {
          "name": "RHSA-2019:1107",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1107"
        },
        {
          "name": "RHSA-2019:1108",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1108"
        },
        {
          "name": "RHSA-2019:1106",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1106"
        },
        {
          "name": "RHSA-2019:1140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1140"
        },
        {
          "name": "DSA-4452",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4452"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/68"
        },
        {
          "name": "RHSA-2019:1782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1782"
        },
        {
          "name": "RHSA-2019:1797",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1797"
        },
        {
          "name": "107585",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107585"
        },
        {
          "name": "RHSA-2019:1822",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1822"
        },
        {
          "name": "RHSA-2019:1823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1823"
        },
        {
          "name": "RHSA-2019:2804",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2804"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3002"
        },
        {
          "name": "RHSA-2019:3140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3140"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4037"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2052"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12022",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2019:0782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0782"
            },
            {
              "name": "RHSA-2019:0877",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0877"
            },
            {
              "name": "RHBA-2019:0959",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0959"
            },
            {
              "name": "RHSA-2019:1107",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1107"
            },
            {
              "name": "RHSA-2019:1108",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1108"
            },
            {
              "name": "RHSA-2019:1106",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1106"
            },
            {
              "name": "RHSA-2019:1140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1140"
            },
            {
              "name": "DSA-4452",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4452"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/68"
            },
            {
              "name": "RHSA-2019:1782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1782"
            },
            {
              "name": "RHSA-2019:1797",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1797"
            },
            {
              "name": "107585",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107585"
            },
            {
              "name": "RHSA-2019:1822",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1822"
            },
            {
              "name": "RHSA-2019:1823",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1823"
            },
            {
              "name": "RHSA-2019:2804",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2804"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3002",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3002"
            },
            {
              "name": "RHSA-2019:3140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3140"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4037",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4037"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/",
              "refsource": "MISC",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
            },
            {
              "name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf",
              "refsource": "MISC",
              "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2052",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2052"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12022",
    "datePublished": "2019-03-17T18:14:21",
    "dateReserved": "2018-06-07T00:00:00",
    "dateUpdated": "2024-08-05T08:24:03.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35728
Vulnerability from cvelistv5
Published
2020-12-27 04:32
Modified
2024-08-04 17:09
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.179Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2999"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210129-0007/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:20:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2999"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210129-0007/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35728",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2999",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2999"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210129-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210129-0007/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35728",
    "datePublished": "2020-12-27T04:32:36",
    "dateReserved": "2020-12-27T00:00:00",
    "dateUpdated": "2024-08-04T17:09:15.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11113
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-11113",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:43.551763Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:17.648Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:50",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11113",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2670",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11113",
    "datePublished": "2020-03-31T04:37:27",
    "dateReserved": "2020-03-31T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-17485
Vulnerability from cvelistv5
Published
2018-01-10 18:00
Modified
2024-08-05 20:51
Severity ?
Summary
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
References
https://access.redhat.com/errata/RHSA-2018:1448 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0479 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0481 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1449 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1450 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1451 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0116 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0342 — vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/archive/1/541652/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
https://access.redhat.com/errata/RHSA-2018:0480 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1447 — vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4114 — vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0478 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2930 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1797 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3892 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
https://security.netapp.com/advisory/ntap-20180201-0003/ — x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1855 — x_refsource_CONFIRM
https://github.com/irsl/jackson-rce-via-spel/ — x_refsource_MISC
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:32.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1448",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1448"
          },
          {
            "name": "RHSA-2018:0479",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0479"
          },
          {
            "name": "RHSA-2018:0481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0481"
          },
          {
            "name": "RHSA-2018:1449",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1449"
          },
          {
            "name": "RHSA-2018:1450",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1450"
          },
          {
            "name": "RHSA-2018:1451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1451"
          },
          {
            "name": "RHSA-2018:0116",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0116"
          },
          {
            "name": "RHSA-2018:0342",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0342"
          },
          {
            "name": "20180109 CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/541652/100/0/threaded"
          },
          {
            "name": "RHSA-2018:0480",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0480"
          },
          {
            "name": "RHSA-2018:1447",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1447"
          },
          {
            "name": "DSA-4114",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4114"
          },
          {
            "name": "RHSA-2018:0478",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0478"
          },
          {
            "name": "RHSA-2018:2930",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2930"
          },
          {
            "name": "RHSA-2019:1782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1782"
          },
          {
            "name": "RHSA-2019:1797",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1797"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180201-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/1855"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/irsl/jackson-rce-via-spel/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:51",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:1448",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1448"
        },
        {
          "name": "RHSA-2018:0479",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0479"
        },
        {
          "name": "RHSA-2018:0481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0481"
        },
        {
          "name": "RHSA-2018:1449",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1449"
        },
        {
          "name": "RHSA-2018:1450",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1450"
        },
        {
          "name": "RHSA-2018:1451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1451"
        },
        {
          "name": "RHSA-2018:0116",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0116"
        },
        {
          "name": "RHSA-2018:0342",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0342"
        },
        {
          "name": "20180109 CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/541652/100/0/threaded"
        },
        {
          "name": "RHSA-2018:0480",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0480"
        },
        {
          "name": "RHSA-2018:1447",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1447"
        },
        {
          "name": "DSA-4114",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4114"
        },
        {
          "name": "RHSA-2018:0478",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0478"
        },
        {
          "name": "RHSA-2018:2930",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2930"
        },
        {
          "name": "RHSA-2019:1782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1782"
        },
        {
          "name": "RHSA-2019:1797",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1797"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180201-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/1855"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/irsl/jackson-rce-via-spel/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1448",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1448"
            },
            {
              "name": "RHSA-2018:0479",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0479"
            },
            {
              "name": "RHSA-2018:0481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0481"
            },
            {
              "name": "RHSA-2018:1449",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1449"
            },
            {
              "name": "RHSA-2018:1450",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1450"
            },
            {
              "name": "RHSA-2018:1451",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1451"
            },
            {
              "name": "RHSA-2018:0116",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0116"
            },
            {
              "name": "RHSA-2018:0342",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0342"
            },
            {
              "name": "20180109 CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/541652/100/0/threaded"
            },
            {
              "name": "RHSA-2018:0480",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0480"
            },
            {
              "name": "RHSA-2018:1447",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1447"
            },
            {
              "name": "DSA-4114",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4114"
            },
            {
              "name": "RHSA-2018:0478",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0478"
            },
            {
              "name": "RHSA-2018:2930",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2930"
            },
            {
              "name": "RHSA-2019:1782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1782"
            },
            {
              "name": "RHSA-2019:1797",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1797"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180201-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180201-0003/"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03902en_us"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/1855",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/1855"
            },
            {
              "name": "https://github.com/irsl/jackson-rce-via-spel/",
              "refsource": "MISC",
              "url": "https://github.com/irsl/jackson-rce-via-spel/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17485",
    "datePublished": "2018-01-10T18:00:00",
    "dateReserved": "2017-12-10T00:00:00",
    "dateUpdated": "2024-08-05T20:51:32.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36183
Vulnerability from cvelistv5
Published
2021-01-06 22:30
Modified
2024-08-04 17:23
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3003"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:21:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/3003"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36183",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/3003",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/3003"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36183",
    "datePublished": "2021-01-06T22:30:15",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11112
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-11112",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:42.504958Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:17.235Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:49",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11112",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2666",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11112",
    "datePublished": "2020-03-31T04:37:41",
    "dateReserved": "2020-03-31T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36185
Vulnerability from cvelistv5
Published
2021-01-06 22:29
Modified
2024-08-04 17:23
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:21:28",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2998",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2998"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36185",
    "datePublished": "2021-01-06T22:29:59",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42004
Vulnerability from cvelistv5
Published
2022-10-02 00:00
Modified
2024-08-03 12:56
Severity ?
Summary
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:39.182Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3582"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"
          },
          {
            "name": "GLSA-202210-21",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-21"
          },
          {
            "name": "DSA-5283",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5283"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221118-0008/"
          },
          {
            "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-27T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/FasterXML/jackson-databind/issues/3582"
        },
        {
          "url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"
        },
        {
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"
        },
        {
          "name": "GLSA-202210-21",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-21"
        },
        {
          "name": "DSA-5283",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5283"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221118-0008/"
        },
        {
          "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-42004",
    "datePublished": "2022-10-02T00:00:00",
    "dateReserved": "2022-10-02T00:00:00",
    "dateUpdated": "2024-08-03T12:56:39.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-12086
Vulnerability from cvelistv5
Published
2019-05-17 16:57
Modified
2024-08-04 23:10
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
References
https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2%40%3Creviews.spark.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html [mailing-list, x_refsource_MLIST]
https://www.debian.org/security/2019/dsa-4452 [vendor-advisory, x_refsource_DEBIAN]
https://seclists.org/bugtraq/2019/May/68 [mailing-list, x_refsource_BUGTRAQ]
http://www.securityfocus.com/bid/109227 [vdb-entry, x_refsource_BID]
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ [vendor-advisory, x_refsource_FEDORA]
https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ [vendor-advisory, x_refsource_FEDORA]
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ [vendor-advisory, x_refsource_FEDORA]
https://access.redhat.com/errata/RHSA-2019:2858 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2019:2937 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2019:2935 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2019:2936 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2019:2938 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2019:2998 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2019:3044 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2019:3045 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2019:3050 [vendor-advisory, x_refsource_REDHAT]
https://access.redhat.com/errata/RHSA-2019:3046 [vendor-advisory, x_refsource_REDHAT]
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E [mailing-list, x_refsource_MLIST]
https://access.redhat.com/errata/RHSA-2019:3149 [vendor-advisory, x_refsource_REDHAT]
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E [mailing-list, x_refsource_MLIST]
https://access.redhat.com/errata/RHSA-2019:3200 [vendor-advisory, x_refsource_REDHAT]
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E [mailing-list, x_refsource_MLIST]
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E [mailing-list, x_refsource_MLIST]
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 [x_refsource_MISC]
https://www.oracle.com/security-alerts/cpuapr2020.html [x_refsource_MISC]
https://www.oracle.com/security-alerts/cpujul2020.html [x_refsource_MISC]
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html [x_refsource_MISC]
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html [x_refsource_MISC]
https://www.oracle.com/security-alerts/cpujan2020.html [x_refsource_MISC]
https://security.netapp.com/advisory/ntap-20190530-0003/ [x_refsource_CONFIRM]
http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ [x_refsource_MISC]
https://github.com/FasterXML/jackson-databind/issues/2326 [x_refsource_MISC]
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 [x_refsource_CONFIRM]
https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E [mailing-list, x_refsource_MLIST]
https://www.oracle.com/security-alerts/cpuoct2020.html [x_refsource_MISC]
https://www.oracle.com/security-alerts/cpuApr2021.html [x_refsource_MISC]
https://www.oracle.com/security-alerts/cpuapr2022.html [x_refsource_MISC]
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:10:30.184Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html"
          },
          {
            "name": "DSA-4452",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4452"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/68"
          },
          {
            "name": "109227",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109227"
          },
          {
            "name": "FEDORA-2019-99ff6aa32c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
          },
          {
            "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-ae6a703b8f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
          },
          {
            "name": "FEDORA-2019-fb23eccc03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:2937",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2937"
          },
          {
            "name": "RHSA-2019:2935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2935"
          },
          {
            "name": "RHSA-2019:2936",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2936"
          },
          {
            "name": "RHSA-2019:2938",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2938"
          },
          {
            "name": "RHSA-2019:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2998"
          },
          {
            "name": "RHSA-2019:3044",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3044"
          },
          {
            "name": "RHSA-2019:3045",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3045"
          },
          {
            "name": "RHSA-2019:3050",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3050"
          },
          {
            "name": "RHSA-2019:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3046"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3200"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2326"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9"
          },
          {
            "name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:19:56",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html"
        },
        {
          "name": "DSA-4452",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4452"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/68"
        },
        {
          "name": "109227",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109227"
        },
        {
          "name": "FEDORA-2019-99ff6aa32c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
        },
        {
          "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-ae6a703b8f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
        },
        {
          "name": "FEDORA-2019-fb23eccc03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:2937",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2937"
        },
        {
          "name": "RHSA-2019:2935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2935"
        },
        {
          "name": "RHSA-2019:2936",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2936"
        },
        {
          "name": "RHSA-2019:2938",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2938"
        },
        {
          "name": "RHSA-2019:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2998"
        },
        {
          "name": "RHSA-2019:3044",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3044"
        },
        {
          "name": "RHSA-2019:3045",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3045"
        },
        {
          "name": "RHSA-2019:3050",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3050"
        },
        {
          "name": "RHSA-2019:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3046"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3200"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2326"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9"
        },
        {
          "name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12086",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html"
            },
            {
              "name": "DSA-4452",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4452"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/68"
            },
            {
              "name": "109227",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109227"
            },
            {
              "name": "FEDORA-2019-99ff6aa32c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
            },
            {
              "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-ae6a703b8f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
            },
            {
              "name": "FEDORA-2019-fb23eccc03",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:2937",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2937"
            },
            {
              "name": "RHSA-2019:2935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2935"
            },
            {
              "name": "RHSA-2019:2936",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2936"
            },
            {
              "name": "RHSA-2019:2938",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2938"
            },
            {
              "name": "RHSA-2019:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2998"
            },
            {
              "name": "RHSA-2019:3044",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3044"
            },
            {
              "name": "RHSA-2019:3045",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3045"
            },
            {
              "name": "RHSA-2019:3050",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3050"
            },
            {
              "name": "RHSA-2019:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3046"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3200",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3200"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
            },
            {
              "name": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/",
              "refsource": "MISC",
              "url": "http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2326",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2326"
            },
            {
              "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9"
            },
            {
              "name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12086",
    "datePublished": "2019-05-17T16:57:05",
    "dateReserved": "2019-05-13T00:00:00",
    "dateUpdated": "2024-08-04T23:10:30.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10672
Vulnerability from cvelistv5
Published
2020-03-18 21:17
Modified
2024-08-04 11:06
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
Impacted products
n/a, n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-10672",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:48.872316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T19:56:32.131Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:11.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:38",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10672",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2659",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10672",
    "datePublished": "2020-03-18T21:17:43",
    "dateReserved": "2020-03-18T00:00:00",
    "dateUpdated": "2024-08-04T11:06:11.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36182
Vulnerability from cvelistv5
Published
2021-01-06 22:30
Modified
2024-08-04 17:23
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
Impacted products
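n/a n/a (vendor and product are not specified here; the "affected" list in the ADP container of the JSON below names the affected products and version ranges)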


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-36182",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:52.974482Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:28.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:20:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36182",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/3004",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36182",
    "datePublished": "2021-01-06T22:30:22",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14195
Vulnerability from cvelistv5
Published
2020-06-16 15:07
Modified
2024-08-04 12:39
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2765"
          },
          {
            "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:39:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2765"
        },
        {
          "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2765",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2765"
            },
            {
              "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200702-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14195",
    "datePublished": "2020-06-16T15:07:11",
    "dateReserved": "2020-06-16T00:00:00",
    "dateUpdated": "2024-08-04T12:39:36.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-16943
Vulnerability from cvelistv5
Published
2019-10-01 16:06
Modified
2024-08-05 01:24
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
References
https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html — mailing-list, x_refsource_MLIST
https://www.debian.org/security/2019/dsa-4542 — vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Oct/6 — mailing-list, x_refsource_BUGTRAQ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/ — vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/ — vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0164 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0159 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0160 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0161 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0445 — vendor-advisory, x_refsource_REDHAT
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 — x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2478 — x_refsource_MISC
https://security.netapp.com/advisory/ntap-20191017-0006/ — x_refsource_CONFIRM
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E — mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html — x_refsource_MISC
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.524Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
          },
          {
            "name": "DSA-4542",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4542"
          },
          {
            "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/6"
          },
          {
            "name": "FEDORA-2019-b171554877",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-cf87377f5f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
          },
          {
            "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "RHSA-2020:0164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0164"
          },
          {
            "name": "RHSA-2020:0159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0159"
          },
          {
            "name": "RHSA-2020:0160",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0160"
          },
          {
            "name": "RHSA-2020:0161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0161"
          },
          {
            "name": "RHSA-2020:0445",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0445"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2478"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:39",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
        },
        {
          "name": "DSA-4542",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4542"
        },
        {
          "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/6"
        },
        {
          "name": "FEDORA-2019-b171554877",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-cf87377f5f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
        },
        {
          "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "RHSA-2020:0164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0164"
        },
        {
          "name": "RHSA-2020:0159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0159"
        },
        {
          "name": "RHSA-2020:0160",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0160"
        },
        {
          "name": "RHSA-2020:0161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0161"
        },
        {
          "name": "RHSA-2020:0445",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0445"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2478"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16943",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
            },
            {
              "name": "DSA-4542",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4542"
            },
            {
              "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/6"
            },
            {
              "name": "FEDORA-2019-b171554877",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-cf87377f5f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
            },
            {
              "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "RHSA-2020:0164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0164"
            },
            {
              "name": "RHSA-2020:0159",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0159"
            },
            {
              "name": "RHSA-2020:0160",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0160"
            },
            {
              "name": "RHSA-2020:0161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0161"
            },
            {
              "name": "RHSA-2020:0445",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0445"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2478",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2478"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191017-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191017-0006/"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16943",
    "datePublished": "2019-10-01T16:06:23",
    "dateReserved": "2019-09-29T00:00:00",
    "dateUpdated": "2024-08-05T01:24:48.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10968
Vulnerability from cvelistv5
Published
2020-03-26 12:43
Modified
2024-08-04 11:21
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-10968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:46.867668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T19:57:31.283Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2662",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10968",
    "datePublished": "2020-03-26T12:43:45",
    "dateReserved": "2020-03-26T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-24750
Vulnerability from cvelistv5
Published
2020-09-17 18:39
Modified
2024-08-04 15:19
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:19:09.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2798"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201009-0003/"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:22:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2798"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201009-0003/"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-24750",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2798",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2798"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201009-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201009-0003/"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-24750",
    "datePublished": "2020-09-17T18:39:40",
    "dateReserved": "2020-08-28T00:00:00",
    "dateUpdated": "2024-08-04T15:19:09.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14718
Vulnerability from cvelistv5
Published
2019-01-02 18:00
Modified
2024-08-05 09:38
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
References
https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:0782 — vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/106601 — vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2019:0877 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:0959 — vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4452 — vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/May/68 — mailing-list, x_refsource_BUGTRAQ
https://access.redhat.com/errata/RHSA-2019:1782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1797 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1822 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1823 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2804 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3002 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3140 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3892 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4037 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html — x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html — x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190530-0003/ — x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 — x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2097 — x_refsource_CONFIRM
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7 — x_refsource_CONFIRM
https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E — mailing-list, x_refsource_MLIST
Impacted products
Vendor: n/a; Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:38:13.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
          },
          {
            "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "RHSA-2019:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0782"
          },
          {
            "name": "106601",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106601"
          },
          {
            "name": "RHSA-2019:0877",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0877"
          },
          {
            "name": "RHBA-2019:0959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0959"
          },
          {
            "name": "DSA-4452",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4452"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/68"
          },
          {
            "name": "RHSA-2019:1782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1782"
          },
          {
            "name": "RHSA-2019:1797",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1797"
          },
          {
            "name": "RHSA-2019:1822",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1822"
          },
          {
            "name": "RHSA-2019:1823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1823"
          },
          {
            "name": "RHSA-2019:2804",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2804"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:3002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3002"
          },
          {
            "name": "RHSA-2019:3140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3140"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4037"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
          },
          {
            "name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-25T00:06:19",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
        },
        {
          "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "RHSA-2019:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0782"
        },
        {
          "name": "106601",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106601"
        },
        {
          "name": "RHSA-2019:0877",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0877"
        },
        {
          "name": "RHBA-2019:0959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0959"
        },
        {
          "name": "DSA-4452",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4452"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/68"
        },
        {
          "name": "RHSA-2019:1782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1782"
        },
        {
          "name": "RHSA-2019:1797",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1797"
        },
        {
          "name": "RHSA-2019:1822",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1822"
        },
        {
          "name": "RHSA-2019:1823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1823"
        },
        {
          "name": "RHSA-2019:2804",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2804"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:3002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3002"
        },
        {
          "name": "RHSA-2019:3140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3140"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4037"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
        },
        {
          "name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14718",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
            },
            {
              "name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "RHSA-2019:0782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0782"
            },
            {
              "name": "106601",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106601"
            },
            {
              "name": "RHSA-2019:0877",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0877"
            },
            {
              "name": "RHBA-2019:0959",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0959"
            },
            {
              "name": "DSA-4452",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4452"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/68"
            },
            {
              "name": "RHSA-2019:1782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1782"
            },
            {
              "name": "RHSA-2019:1797",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1797"
            },
            {
              "name": "RHSA-2019:1822",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1822"
            },
            {
              "name": "RHSA-2019:1823",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1823"
            },
            {
              "name": "RHSA-2019:2804",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2804"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:3002",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3002"
            },
            {
              "name": "RHSA-2019:3140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3140"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4037",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4037"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2097",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2097"
            },
            {
              "name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
            },
            {
              "name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14718",
    "datePublished": "2019-01-02T18:00:00",
    "dateReserved": "2018-07-28T00:00:00",
    "dateUpdated": "2024-08-05T09:38:13.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-12023
Vulnerability from cvelistv5
Published
2019-03-17 17:57
Modified
2024-08-05 08:24
Severity ?
Summary
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. The service can be made to execute a malicious payload when three conditions hold: Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service for it to access.
References
https://access.redhat.com/errata/RHSA-2019:0782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0877 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:0959 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1107 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1108 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1106 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1140 — vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4452 — vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/May/68 — mailing-list, x_refsource_BUGTRAQ
https://access.redhat.com/errata/RHSA-2019:1782 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1797 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1822 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1823 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2804 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3002 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3140 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149 — vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E — mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3892 — vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4037 — vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.html — x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html — x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html — x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html — x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/ — x_refsource_MISC
https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf — x_refsource_MISC
http://www.securityfocus.com/bid/105659 — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2058 — x_refsource_MISC
https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a — x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190530-0003/ — x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.html — x_refsource_MISC
Impacted products
n/a n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:24:03.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0782"
          },
          {
            "name": "RHSA-2019:0877",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0877"
          },
          {
            "name": "RHBA-2019:0959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0959"
          },
          {
            "name": "RHSA-2019:1107",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1107"
          },
          {
            "name": "RHSA-2019:1108",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1108"
          },
          {
            "name": "RHSA-2019:1106",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1106"
          },
          {
            "name": "RHSA-2019:1140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1140"
          },
          {
            "name": "DSA-4452",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4452"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/68"
          },
          {
            "name": "RHSA-2019:1782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1782"
          },
          {
            "name": "RHSA-2019:1797",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1797"
          },
          {
            "name": "RHSA-2019:1822",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1822"
          },
          {
            "name": "RHSA-2019:1823",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1823"
          },
          {
            "name": "RHSA-2019:2804",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2804"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3002"
          },
          {
            "name": "RHSA-2019:3140",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3140"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4037"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105659"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2058"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2019:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0782"
        },
        {
          "name": "RHSA-2019:0877",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0877"
        },
        {
          "name": "RHBA-2019:0959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0959"
        },
        {
          "name": "RHSA-2019:1107",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1107"
        },
        {
          "name": "RHSA-2019:1108",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1108"
        },
        {
          "name": "RHSA-2019:1106",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1106"
        },
        {
          "name": "RHSA-2019:1140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1140"
        },
        {
          "name": "DSA-4452",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4452"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/68"
        },
        {
          "name": "RHSA-2019:1782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1782"
        },
        {
          "name": "RHSA-2019:1797",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1797"
        },
        {
          "name": "RHSA-2019:1822",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1822"
        },
        {
          "name": "RHSA-2019:1823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1823"
        },
        {
          "name": "RHSA-2019:2804",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2804"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3002"
        },
        {
          "name": "RHSA-2019:3140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3140"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4037"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/105659"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2058"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12023",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2019:0782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0782"
            },
            {
              "name": "RHSA-2019:0877",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0877"
            },
            {
              "name": "RHBA-2019:0959",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0959"
            },
            {
              "name": "RHSA-2019:1107",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1107"
            },
            {
              "name": "RHSA-2019:1108",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1108"
            },
            {
              "name": "RHSA-2019:1106",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1106"
            },
            {
              "name": "RHSA-2019:1140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1140"
            },
            {
              "name": "DSA-4452",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4452"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/68"
            },
            {
              "name": "RHSA-2019:1782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1782"
            },
            {
              "name": "RHSA-2019:1797",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1797"
            },
            {
              "name": "RHSA-2019:1822",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1822"
            },
            {
              "name": "RHSA-2019:1823",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1823"
            },
            {
              "name": "RHSA-2019:2804",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2804"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3002",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3002"
            },
            {
              "name": "RHSA-2019:3140",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3140"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4037",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4037"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/",
              "refsource": "MISC",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
            },
            {
              "name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf",
              "refsource": "MISC",
              "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
            },
            {
              "name": "http://www.securityfocus.com/bid/105659",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/105659"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2058",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2058"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190530-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190530-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12023",
    "datePublished": "2019-03-17T17:57:52",
    "dateReserved": "2018-06-07T00:00:00",
    "dateUpdated": "2024-08-05T08:24:03.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36181
Vulnerability from cvelistv5
Published
2021-01-06 22:29
Modified
2024-08-04 17:23
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
Impacted products
n/a n/a


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.8",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-36181",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:51.951666Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T19:56:26.103Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:20:40",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36181",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/3004",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/3004"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36181",
    "datePublished": "2021-01-06T22:29:19",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14060
Vulnerability from cvelistv5
Published
2020-06-14 20:46
Modified
2024-08-04 12:32
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2688"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:39:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2688"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14060",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2688",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2688"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200702-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14060",
    "datePublished": "2020-06-14T20:46:47",
    "dateReserved": "2020-06-14T00:00:00",
    "dateUpdated": "2024-08-04T12:32:14.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11620
Vulnerability from cvelistv5
Published
2020-04-07 22:14
Modified
2024-08-04 11:35
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
Impacted products
Vendor: n/a, Product: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:13.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2682"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T14:42:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2682"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200511-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2682",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2682"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11620",
    "datePublished": "2020-04-07T22:14:18",
    "dateReserved": "2020-04-07T00:00:00",
    "dateUpdated": "2024-08-04T11:35:13.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-14893
Vulnerability from cvelistv5
Published
2020-03-02 20:11
Modified
2024-08-05 00:26
Summary
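A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way in which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
Note: the structured "affected" entries in the record below list 2.9.10 and 2.10.0 themselves, whereas this description places the flaw in versions before those releases; read literally, the description makes them the first fixed releases, so confirm against the vendor advisory when checking dependency manifests. The record's CVSS 3.0 vector (7.5, C:H/I:N/A:N) rates confidentiality impact only, although the description states that arbitrary code execution is possible, so the score alone may understate the issue.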
Impacted products
Vendor: Red Hat, Product: jackson-databind


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2020:0729",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0729"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2469"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200327-0006/"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jackson-databind",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "2.9.10"
            },
            {
              "status": "affected",
              "version": "2.10.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:57",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2020:0729",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0729"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2469"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200327-0006/"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-14893",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "jackson-databind",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.9.10"
                          },
                          {
                            "version_value": "2.10.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2020:0729",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0729"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2469",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2469"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200327-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200327-0006/"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14893",
    "datePublished": "2020-03-02T20:11:32",
    "dateReserved": "2019-08-10T00:00:00",
    "dateUpdated": "2024-08-05T00:26:39.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-202003-1785
Vulnerability from variot

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). FasterXML jackson-databind contains an untrusted data deserialization vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components, providing data binding. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. No further details about this vulnerability are currently available; watch CNNVD or vendor announcements for updates.

Description:

Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.

Security Fix(es):

  • apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)

  • cxf: does not restrict the number of message attachments (CVE-2019-12406)

  • cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)

  • hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)

  • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

  • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

  • HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)

  • HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)

  • jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)

  • jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)

  • keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)

  • keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)

  • keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)

  • keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)

  • keycloak: cross-realm user access auth bypass (CVE-2019-14832)

  • netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)

  • SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)

  • thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  • thrift: Endless loop when feed with specific input data (CVE-2019-0205)

  • undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)

  • wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)

  • wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)

  • xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)

For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. You must be logged in to download the update.

NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Bugs fixed (https://bugzilla.redhat.com/):

1800573 - CVE-2020-1727 keycloak: missing input validation in IDP authorization URLs
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop

  1. Summary:

This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1
JBEAP-18974 - Upgrade snakeyaml to 1.26
JBEAP-18975 - Upgrade cryptacular to 1.2.4
JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001
JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4
JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final
JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final
JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final
JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Data Grid 7.3.7 security update
Advisory ID: RHSA-2020:3779-01
Product: Red Hat JBoss Data Grid
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3779
Issue date: 2020-09-17
CVE Names: CVE-2017-7658 CVE-2019-10172 CVE-2020-1695 CVE-2020-1710 CVE-2020-1719 CVE-2020-1745 CVE-2020-1748 CVE-2020-1757 CVE-2020-8840 CVE-2020-9488 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10672 CVE-2020-10673 CVE-2020-10714 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11612 CVE-2020-11619 CVE-2020-11620
====================================================================

1. Summary:

An update for Red Hat Data Grid is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.

This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.

Security Fix(es):

  • jetty: Incorrect header handling (CVE-2017-7658)

  • EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

  • undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

  • undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)

  • jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  • jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  • jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  • jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

  • jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)

  • jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)

  • jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)

  • jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)

  • jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)

  • jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)

  • jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)

  • jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)

  • jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)

  • jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  • resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  • Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)

  • Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)

  • wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

  • netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)

  • log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

To install this update, do the following:

  1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.
  2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
  3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.
  4. Restart Data Grid to ensure the changes take effect.

  5. Bugs fixed (https://bugzilla.redhat.com/):

1595621 - CVE-2017-7658 jetty: Incorrect header handling
1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720
1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230
1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication
1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender

  1. References:

https://access.redhat.com/security/cve/CVE-2017-7658
https://access.redhat.com/security/cve/CVE-2019-10172
https://access.redhat.com/security/cve/CVE-2020-1695
https://access.redhat.com/security/cve/CVE-2020-1710
https://access.redhat.com/security/cve/CVE-2020-1719
https://access.redhat.com/security/cve/CVE-2020-1745
https://access.redhat.com/security/cve/CVE-2020-1748
https://access.redhat.com/security/cve/CVE-2020-1757
https://access.redhat.com/security/cve/CVE-2020-8840
https://access.redhat.com/security/cve/CVE-2020-9488
https://access.redhat.com/security/cve/CVE-2020-9546
https://access.redhat.com/security/cve/CVE-2020-9547
https://access.redhat.com/security/cve/CVE-2020-9548
https://access.redhat.com/security/cve/CVE-2020-10672
https://access.redhat.com/security/cve/CVE-2020-10673
https://access.redhat.com/security/cve/CVE-2020-10714
https://access.redhat.com/security/cve/CVE-2020-10968
https://access.redhat.com/security/cve/CVE-2020-10969
https://access.redhat.com/security/cve/CVE-2020-11111
https://access.redhat.com/security/cve/CVE-2020-11112
https://access.redhat.com/security/cve/CVE-2020-11113
https://access.redhat.com/security/cve/CVE-2020-11612
https://access.redhat.com/security/cve/CVE-2020-11619
https://access.redhat.com/security/cve/CVE-2020-11620
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn NVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8 5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A qaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm GisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn aCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G DvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7 MB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9 Pf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j wzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq P2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb PyKX8lLP6w8=n+2X -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/

  1. Bugs fixed (https://bugzilla.redhat.com/):

1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl
1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API
1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service
1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake
1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries
1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.
1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

Relevant releases/architectures:

6Client-AMQ-Clients-2 - i386, noarch, x86_64 6ComputeNode-AMQ-Clients-2 - noarch, x86_64 6Server-AMQ-Clients-2 - i386, noarch, x86_64 6Workstation-AMQ-Clients-2 - i386, noarch, x86_64 7Client-AMQ-Clients-2 - noarch, x86_64 7ComputeNode-AMQ-Clients-2 - noarch, x86_64 7Server-AMQ-Clients-2 - noarch, x86_64 7Workstation-AMQ-Clients-2 - noarch, x86_64 8Base-AMQ-Clients-2 - noarch, x86_64

  1. Description:

Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

  1. JIRA issues fixed (https://issues.jboss.org/):

ENTMQCL-1987 - AMQ Resource Adapter example project is incompatible with Maven 3.6 ENTMQCL-1988 - AMQ Resource Adapter example project does not run ENTMQCL-2070 - [jms] Log successful reconnects more prominently

  1. Package List:

6Client-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el6_10amq.src.rpm qpid-proton-0.32.0-1.el6_10.src.rpm

i386: python-qpid-proton-0.32.0-1.el6_10.i686.rpm qpid-proton-c-0.32.0-1.el6_10.i686.rpm qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm

noarch: python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64: python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

6ComputeNode-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el6_10amq.src.rpm qpid-proton-0.32.0-1.el6_10.src.rpm

noarch: python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64: python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

6Server-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el6_10amq.src.rpm qpid-proton-0.32.0-1.el6_10.src.rpm

i386: python-qpid-proton-0.32.0-1.el6_10.i686.rpm qpid-proton-c-0.32.0-1.el6_10.i686.rpm qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm

noarch: python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64: python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

6Workstation-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el6_10amq.src.rpm qpid-proton-0.32.0-1.el6_10.src.rpm

i386: python-qpid-proton-0.32.0-1.el6_10.i686.rpm qpid-proton-c-0.32.0-1.el6_10.i686.rpm qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm

noarch: python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64: python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

7Client-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el7amq.src.rpm qpid-proton-0.32.0-2.el7.src.rpm

noarch: python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64: python-qpid-proton-0.32.0-2.el7.x86_64.rpm qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm qpid-proton-c-0.32.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

7ComputeNode-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el7amq.src.rpm qpid-proton-0.32.0-2.el7.src.rpm

noarch: python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64: python-qpid-proton-0.32.0-2.el7.x86_64.rpm qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm qpid-proton-c-0.32.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

7Server-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el7amq.src.rpm qpid-proton-0.32.0-2.el7.src.rpm

noarch: python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64: python-qpid-proton-0.32.0-2.el7.x86_64.rpm qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm qpid-proton-c-0.32.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

7Workstation-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el7amq.src.rpm qpid-proton-0.32.0-2.el7.src.rpm

noarch: python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64: python-qpid-proton-0.32.0-2.el7.x86_64.rpm qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm qpid-proton-c-0.32.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

8Base-AMQ-Clients-2:

Source: nodejs-rhea-1.0.24-1.el8.src.rpm qpid-proton-0.32.0-2.el8.src.rpm

noarch: nodejs-rhea-1.0.24-1.el8.noarch.rpm python-qpid-proton-docs-0.32.0-2.el8.noarch.rpm qpid-proton-c-docs-0.32.0-2.el8.noarch.rpm qpid-proton-cpp-docs-0.32.0-2.el8.noarch.rpm qpid-proton-tests-0.32.0-2.el8.noarch.rpm

x86_64: python3-qpid-proton-0.32.0-2.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm qpid-proton-c-0.32.0-2.el8.x86_64.rpm qpid-proton-c-debuginfo-0.32.0-2.el8.x86_64.rpm qpid-proton-c-devel-0.32.0-2.el8.x86_64.rpm qpid-proton-cpp-0.32.0-2.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.32.0-2.el8.x86_64.rpm qpid-proton-cpp-devel-0.32.0-2.el8.x86_64.rpm qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm qpid-proton-debugsource-0.32.0-2.el8.x86_64.rpm rubygem-qpid_proton-0.32.0-2.el8.x86_64.rpm rubygem-qpid_proton-debuginfo-0.32.0-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1785",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ucosminexus application server",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.1"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.0.15"
      },
      {
        "model": "retail sales audit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "communications session route manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.1"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.0"
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.3"
      },
      {
        "model": "communications session route manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "communications evolved communications application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.1"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "financial services price creation and discovery",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.6"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "communications network charging and control",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.3"
      },
      {
        "model": "primavera unifier",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "financial services institutional performance analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.6"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "primavera unifier",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.7"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "webcenter portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "retail merchandising system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "global lifecycle management opatch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.0.1.20"
      },
      {
        "model": "autovue for agile product lifecycle management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.0.2"
      },
      {
        "model": "communications session report manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.0"
      },
      {
        "model": "jackson-databind",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fasterxml",
        "version": "2.9.10.4"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.4.2"
      },
      {
        "model": "financial services retail customer analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.6"
      },
      {
        "model": "communications element manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.0.1"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12"
      },
      {
        "model": "communications session report manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "communications contacts server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0.5.0"
      },
      {
        "model": "jd edwards enterpriseone orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.4.2"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.0"
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.2"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.6"
      },
      {
        "model": "banking platform",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.4.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.0.2.25"
      },
      {
        "model": "communications instant messaging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.0.1.4.0"
      },
      {
        "model": "banking platform",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.9.0"
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.2"
      },
      {
        "model": "communications element manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "financial services institutional performance analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.0"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.3.6"
      },
      {
        "model": "financial services price creation and discovery",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.7"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "steelstore cloud integrated storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "communications calendar server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0.4.0"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "webcenter portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "jackson-databind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fasterxml",
        "version": "2.9.0"
      },
      {
        "model": "financial services institutional performance analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.7"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus application server-r",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jackson-databind",
        "scope": null,
        "trust": 0.8,
        "vendor": "fasterxml",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.9.10.4",
                "versionStartIncluding": "2.9.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.0",
                "versionStartIncluding": "8.0.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.4.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.4.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.0.3",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.9.0",
                "versionStartIncluding": "2.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.2.0.1.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2",
                "versionStartIncluding": "8.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2",
                "versionStartIncluding": "8.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2",
                "versionStartIncluding": "8.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "159271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2020-11113",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-11113",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-163659",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-11113",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-11113",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2020-11113",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-1735",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-163659",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-11113",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). FasterXML jackson-databind contains an untrusted data deserialization vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. 
\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current 
threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. You must be logged in to download the update. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1800573 - CVE-2020-1727 keycloak: missing input validation in IDP authorization URLs\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n\n5. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat Data Grid 7.3.7 security update\nAdvisory ID:       RHSA-2020:3779-01\nProduct:           Red Hat JBoss Data Grid\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:3779\nIssue date:        2020-09-17\nCVE Names:         CVE-2017-7658 CVE-2019-10172 CVE-2020-1695\n                   CVE-2020-1710 CVE-2020-1719 CVE-2020-1745\n                   CVE-2020-1748 CVE-2020-1757 CVE-2020-8840\n                   CVE-2020-9488 CVE-2020-9546 CVE-2020-9547\n                   CVE-2020-9548 CVE-2020-10672 CVE-2020-10673\n                   CVE-2020-10714 CVE-2020-10968 CVE-2020-10969\n                   CVE-2020-11111 CVE-2020-11112 CVE-2020-11113\n                   CVE-2020-11612 CVE-2020-11619 CVE-2020-11620\n====================================================================\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. 
\n\nSecurity Fix(es):\n\n* jetty: Incorrect header handling (CVE-2017-7658)\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop\n(CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n(CVE-2020-11620)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* Wildfly: EJBContext principal is not popped 
back after invoking another\nEJB using a different Security Domain (CVE-2020-1719)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer\nallocation sizes (CVE-2020-11612)\n\n* log4j: improper validation of certificate with host mismatch in SMTP\nappender (CVE-2020-9488)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - 
CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-7658\nhttps://access.redhat.com/security/cve/CVE-2019-10172\nhttps://access.redhat.com/security/cve/CVE-2020-1695\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1719\nhttps://access.redhat.com/security/cve/CVE-2020-1745\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-1757\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9488\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/cve/CVE-2020-11612\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-11620\nhttps://access.redhat.com/security/updates/classif
ication/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn\nNVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8\n5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A\nqaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm\nGisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn\naCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G\nDvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7\nMB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9\nPf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j\nwzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq\nP2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb\nPyKX8lLP6w8=n+2X\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Relevant releases/architectures:\n\n6Client-AMQ-Clients-2 - i386, noarch, x86_64\n6ComputeNode-AMQ-Clients-2 - noarch, x86_64\n6Server-AMQ-Clients-2 - i386, noarch, x86_64\n6Workstation-AMQ-Clients-2 - i386, noarch, x86_64\n7Client-AMQ-Clients-2 - noarch, x86_64\n7ComputeNode-AMQ-Clients-2 - noarch, x86_64\n7Server-AMQ-Clients-2 - noarch, x86_64\n7Workstation-AMQ-Clients-2 - noarch, x86_64\n8Base-AMQ-Clients-2 - noarch, x86_64\n\n3. Description:\n\nRed Hat AMQ Clients enable connecting, sending, and receiving messages over\nthe AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nENTMQCL-1987 - AMQ Resource Adapter example project is incompatible with Maven 3.6\nENTMQCL-1988 - AMQ Resource Adapter example project does not run\nENTMQCL-2070 - [jms] Log successful reconnects more prominently\n\n7. Package List:\n\n6Client-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el6_10amq.src.rpm\nqpid-proton-0.32.0-1.el6_10.src.rpm\n\ni386:\npython-qpid-proton-0.32.0-1.el6_10.i686.rpm\nqpid-proton-c-0.32.0-1.el6_10.i686.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-tests-0.32.0-1.el6_10.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-1.el6_10.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-proton-c-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm\n\n6ComputeNode-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el6_10amq.src.rpm\nqpid-proton-0.32
.0-1.el6_10.src.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-tests-0.32.0-1.el6_10.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-1.el6_10.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-proton-c-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm\n\n6Server-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el6_10amq.src.rpm\nqpid-proton-0.32.0-1.el6_10.src.rpm\n\ni386:\npython-qpid-proton-0.32.0-1.el6_10.i686.rpm\nqpid-proton-c-0.32.0-1.el6_10.i686.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-tests-0.32.0-1.el6_10.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-1.el6_10.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-proton-c-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm\n\n6Workstation-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el6_10amq.src.rpm\nqpid-proton-0.32.0-1.el6_10.src.rpm\n\ni386:\npython-qpid-proton-0.32.0-1.el6_10.i686.rpm\nqpid-proton-
c-0.32.0-1.el6_10.i686.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-tests-0.32.0-1.el6_10.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-1.el6_10.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-proton-c-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm\n\n7Client-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el7amq.src.rpm\nqpid-proton-0.32.0-2.el7.src.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-2.el7.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-tests-0.32.0-2.el7.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-2.el7.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm\nqpid-proton-c-0.32.0-2.el7.x86_64.rpm\nqpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm\nrubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm\n\n7ComputeNode-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el7amq.src.rpm\nqpid-proton-0.32.0-2.el7.src.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-2.el7.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-2.el7.noarch.rpm\nqpid-pro
ton-cpp-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-tests-0.32.0-2.el7.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-2.el7.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm\nqpid-proton-c-0.32.0-2.el7.x86_64.rpm\nqpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm\nrubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm\n\n7Server-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el7amq.src.rpm\nqpid-proton-0.32.0-2.el7.src.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-2.el7.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-tests-0.32.0-2.el7.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-2.el7.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm\nqpid-proton-c-0.32.0-2.el7.x86_64.rpm\nqpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm\nrubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm\n\n7Workstation-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el7amq.src.rpm\nqpid-proton-0.32.0-2.el7.src.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-2.el7.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-tests-0.32.0-2.el7.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-2.el7.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm\nqpid-proton-c-0.32.0-2.el7.x86_64.rpm\nqpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm\nqpid-pr
oton-cpp-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm\nrubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm\n\n8Base-AMQ-Clients-2:\n\nSource:\nnodejs-rhea-1.0.24-1.el8.src.rpm\nqpid-proton-0.32.0-2.el8.src.rpm\n\nnoarch:\nnodejs-rhea-1.0.24-1.el8.noarch.rpm\npython-qpid-proton-docs-0.32.0-2.el8.noarch.rpm\nqpid-proton-c-docs-0.32.0-2.el8.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-2.el8.noarch.rpm\nqpid-proton-tests-0.32.0-2.el8.noarch.rpm\n\nx86_64:\npython3-qpid-proton-0.32.0-2.el8.x86_64.rpm\npython3-qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm\nqpid-proton-c-0.32.0-2.el8.x86_64.rpm\nqpid-proton-c-debuginfo-0.32.0-2.el8.x86_64.rpm\nqpid-proton-c-devel-0.32.0-2.el8.x86_64.rpm\nqpid-proton-cpp-0.32.0-2.el8.x86_64.rpm\nqpid-proton-cpp-debuginfo-0.32.0-2.el8.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-2.el8.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm\nqpid-proton-debugsource-0.32.0-2.el8.x86_64.rpm\nrubygem-qpid_proton-0.32.0-2.el8.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.32.0-2.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "159271"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-11113",
        "trust": 4.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159208",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "158651",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160601",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159271",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95897514",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "157322",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1399",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1766",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2588",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4471",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3190",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1368",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1882",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2619",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3258",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060909",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "48047",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "158650",
        "trust": 0.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-21476",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-163659",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157741",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157859",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158636",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "159271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "id": "VAR-202003-1785",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:12:28.156000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2021-109",
        "trust": 0.8,
        "url": "https://github.com/fasterxml/jackson-databind/issues/2670"
      },
      {
        "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115369"
      },
      {
        "title": "Red Hat: Moderate: AMQ Clients 2.8.0 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203817 - security advisory"
      },
      {
        "title": "Red Hat: Important: rh-maven35-jackson-databind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201523 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205625 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory"
      },
      {
        "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
      },
      {
        "title": "CVE-2020-11113",
        "trust": 0.1,
        "url": "https://github.com/al1ex/cve-2020-11113 "
      },
      {
        "title": "Cubed",
        "trust": 0.1,
        "url": "https://github.com/yahoo/cubed "
      },
      {
        "title": "Java-Deserialization-CVEs",
        "trust": 0.1,
        "url": "https://github.com/palindromelabs/java-deserialization-cves "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/soosmile/poc "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/developer3000s/poc-in-github "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/hectorgie/poc-in-github "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/0xt11/cve-poc "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-502",
        "trust": 1.1
      },
      {
        "problemtype": "Deserialization of untrusted data (CWE-502) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
      },
      {
        "trust": 1.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/fasterxml/jackson-databind/issues/2670"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95897514/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-11113"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-11112"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-10968"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-11111"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-9547"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-10672"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-11619"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-10969"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-11620"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159271/red-hat-security-advisory-2020-3817-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6525182"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3258/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48047"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1882/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4471/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-openjpa-wasregistrymanagedruntime-serialization-gadgets-typing-32065"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6528214"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1399/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-9546"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-10673"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-9548"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-8840"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2019-20330"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-7238"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-17573"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-20445"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-20444"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-10086"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14060"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9512"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-12406"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9514"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9515"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14061"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14062"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-16869"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-12423"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-11612"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-16335"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-16943"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-17531"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14540"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-17267"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14893"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-16942"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14888"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14892"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-1745"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:3817"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-13990"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1718"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9518"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0210"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9511"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-12419"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0205"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-12400"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14887"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1695"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-10172"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9488"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1757"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/502.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/al1ex/cve-2020-11113"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-109/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3875"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14832"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2067"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10219"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10199"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10201"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14820"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1727"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5625"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhba-2020:1414"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2333"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10688"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=eap-cd\u0026downloadtype=securitypatches\u0026version=19"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10174"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1732"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1719"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.grid\u0026downloadtype=securitypatches\u0026version=7.3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-7658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1748"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12086"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1000632"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3831"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-11797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-12541"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4970"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9827"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1953"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3192"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_amq"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14297"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "159271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "159271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "date": "2020-03-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "date": "2020-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "date": "2020-07-29T17:52:58",
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "date": "2020-05-18T16:42:53",
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "date": "2020-12-17T18:09:37",
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "date": "2020-05-28T16:22:46",
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "date": "2020-07-29T17:53:05",
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "date": "2020-09-17T14:07:40",
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "date": "2020-07-29T00:05:59",
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "date": "2020-09-23T14:57:38",
        "db": "PACKETSTORM",
        "id": "159271"
      },
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "date": "2020-03-31T05:15:13.117000",
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "date": "2024-07-22T06:03:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "date": "2022-06-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "date": "2024-07-03T01:36:12.463000",
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted data deserialization vulnerability in FasterXML\u00a0jackson-databind",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      }
    ],
    "trust": 0.6
  }
}

var-202101-1939
Vulnerability from variot

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and a denial of service (DoS) may result. As with other jackson-databind gadget issues, exposure generally requires that polymorphic type handling is enabled for untrusted JSON and that the named class is on the application's classpath. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================

  1. Summary:

Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

  1. Solution:

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2021:1232

All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

  1. Bugs fixed (https://bugzilla.redhat.com/):

1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:

https://access.redhat.com/security/cve/CVE-2018-14718
https://access.redhat.com/security/cve/CVE-2018-14719
https://access.redhat.com/security/cve/CVE-2018-14720
https://access.redhat.com/security/cve/CVE-2018-14721
https://access.redhat.com/security/cve/CVE-2018-19360
https://access.redhat.com/security/cve/CVE-2018-19361
https://access.redhat.com/security/cve/CVE-2018-19362
https://access.redhat.com/security/cve/CVE-2019-14379
https://access.redhat.com/security/cve/CVE-2020-24750
https://access.redhat.com/security/cve/CVE-2020-35490
https://access.redhat.com/security/cve/CVE-2020-35491
https://access.redhat.com/security/cve/CVE-2020-35728
https://access.redhat.com/security/cve/CVE-2020-36179
https://access.redhat.com/security/cve/CVE-2020-36180
https://access.redhat.com/security/cve/CVE-2020-36181
https://access.redhat.com/security/cve/CVE-2020-36182
https://access.redhat.com/security/cve/CVE-2020-36183
https://access.redhat.com/security/cve/CVE-2020-36184
https://access.redhat.com/security/cve/CVE-2020-36185
https://access.redhat.com/security/cve/CVE-2020-36186
https://access.redhat.com/security/cve/CVE-2020-36187
https://access.redhat.com/security/cve/CVE-2020-36188
https://access.redhat.com/security/cve/CVE-2020-36189
https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-20190
https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):

LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"

5



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1939",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "primavera unifier",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.7"
      },
      {
        "model": "communications session report manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2.1"
      },
      {
        "model": "banking virtual account management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3.0"
      },
      {
        "model": "banking extensibility workbench",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.5.0"
      },
      {
        "model": "primavera unifier",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "communications pricing design center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0.4.0"
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "banking supply chain finance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3"
      },
      {
        "model": "commerce platform",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3.2"
      },
      {
        "model": "jackson-databind",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fasterxml",
        "version": "2.6.7.5"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3.2"
      },
      {
        "model": "communications instant messaging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.0.1.5.0"
      },
      {
        "model": "banking treasury management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.4"
      },
      {
        "model": "banking credit facilities process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5"
      },
      {
        "model": "retail merchandising system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "data integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.2"
      },
      {
        "model": "primavera gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8.0"
      },
      {
        "model": "communications element manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.4.0"
      },
      {
        "model": "banking corporate lending process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "banking credit facilities process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3"
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.1"
      },
      {
        "model": "communications convergent charging controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.4.0.0"
      },
      {
        "model": "primavera gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12.0"
      },
      {
        "model": "documaker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.6.3"
      },
      {
        "model": "webcenter portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3.0"
      },
      {
        "model": "jd edwards enterpriseone orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.5.3"
      },
      {
        "model": "goldengate application adapters",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.1.0.0.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.0.2"
      },
      {
        "model": "communications diameter signaling route",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.5.0.0"
      },
      {
        "model": "documaker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.6.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.5.3"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8"
      },
      {
        "model": "communications diameter signaling route",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0.0"
      },
      {
        "model": "communications services gatekeeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "primavera gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12.10"
      },
      {
        "model": "communications session report manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0.0"
      },
      {
        "model": "banking corporate lending process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5"
      },
      {
        "model": "jackson-databind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fasterxml",
        "version": "2.7.0"
      },
      {
        "model": "primavera gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12.0"
      },
      {
        "model": "insurance policy administration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.0.2"
      },
      {
        "model": "insurance policy administration",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.0"
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.12.0"
      },
      {
        "model": "communications session route manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2.1"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.2"
      },
      {
        "model": "communications offline mediation controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0.3"
      },
      {
        "model": "banking virtual account management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3.1"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.4.0.0"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.12"
      },
      {
        "model": "banking corporate lending process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3"
      },
      {
        "model": "webcenter portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "banking supply chain finance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "primavera gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8.11"
      },
      {
        "model": "banking extensibility workbench",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12"
      },
      {
        "model": "banking virtual account management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2.0"
      },
      {
        "model": "communications element manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.0.0"
      },
      {
        "model": "banking extensibility workbench",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "communications cloud native core policy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.14.0"
      },
      {
        "model": "communications cloud native core unified data repository",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.4.0"
      },
      {
        "model": "communications evolved communications application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "model": "communications session route manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.0.0"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.3.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "jackson-databind",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fasterxml",
        "version": "2.9.10.8"
      },
      {
        "model": "autovue for agile product lifecycle management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.0.2"
      },
      {
        "model": "banking credit facilities process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "commerce platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.2.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.0.4"
      },
      {
        "model": "jackson-databind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fasterxml",
        "version": "2.0.0"
      },
      {
        "model": "service level manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "commerce platform",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3.0"
      },
      {
        "model": "communications billing and revenue management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.5.0.23.0"
      },
      {
        "model": "blockchain platform",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.1.2"
      },
      {
        "model": "communications billing and revenue management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0.3.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.0.3"
      },
      {
        "model": "insurance policy administration",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3.0"
      },
      {
        "model": "primavera gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12.11"
      },
      {
        "model": "application testing suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.1"
      },
      {
        "model": "banking supply chain finance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3.0"
      },
      {
        "model": "documaker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.6.4"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.6"
      },
      {
        "model": "service level manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "jackson-databind",
        "scope": null,
        "trust": 0.8,
        "vendor": "fasterxml",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002834"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-36181"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.9.10.8",
                "versionStartIncluding": "2.9.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.2",
                "versionStartIncluding": "11.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.5.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.5.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.0",
                "versionStartIncluding": "11.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.0",
                "versionStartIncluding": "11.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "19.12.10",
                "versionStartIncluding": "19.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "18.8.11",
                "versionStartIncluding": "18.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12.11",
                "versionStartIncluding": "17.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "19.0",
                "versionStartIncluding": "16.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.5.0.0",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2.1",
                "versionStartIncluding": "8.2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2.1",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.4.0",
                "versionStartIncluding": "8.2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "21.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-36181"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162350"
      },
      {
        "db": "PACKETSTORM",
        "id": "162493"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-330"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2020-36181",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-36181",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-381448",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-36181",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-36181",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-330",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-381448",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-36181",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381448"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-36181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002834"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-36181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-330"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID:       RHSA-2021:1230-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:1230\nIssue date:        2021-04-27\nCVE Names:         CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n                   CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n                   CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n                   CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n                   CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n                   CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n                   CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n                   CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n                   CVE-2021-20190 \n=====================================================================\n\n1. 
Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com
/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-36181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002834"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381448"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-36181"
      },
      {
        "db": "PACKETSTORM",
        "id": "162350"
      },
      {
        "db": "PACKETSTORM",
        "id": "162493"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-36181",
        "trust": 2.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162493",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "162350",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002834",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021110515",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021050708",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060909",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042826",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1397",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1437",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1573",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-330",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-381448",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-36181",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381448"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-36181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002834"
      },
      {
        "db": "PACKETSTORM",
        "id": "162350"
      },
      {
        "db": "PACKETSTORM",
        "id": "162493"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-36181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-330"
      }
    ]
  },
  "id": "VAR-202101-1939",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381448"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:53:27.759000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NTAP-20210205-0005",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
      },
      {
        "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138936"
      },
      {
        "title": "IBM: Security Bulletin:  IBM Security Guardium is affected by a jackson-databind vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128"
      },
      {
        "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
      },
      {
        "title": "CVE-2020-36179",
        "trust": 0.1,
        "url": "https://github.com/al1ex/cve-2020-36179 "
      },
      {
        "title": "Al1ex",
        "trust": 0.1,
        "url": "https://github.com/al1ex/al1ex "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-36181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002834"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-330"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-502",
        "trust": 1.1
      },
      {
        "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002834"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-36181"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
      },
      {
        "trust": 1.8,
        "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/fasterxml/jackson-databind/issues/3004"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
      },
      {
        "trust": 0.7,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1437"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6455267"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6528214"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1397"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1573"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6525182"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-19360"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-14718"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-20190"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-14719"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-14720"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35491"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35490"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-35728"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36180"
      },
      {
        "trust": 0.2,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36181"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-19362"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36183"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36188"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-14721"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36179"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36182"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36185"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-24750"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36186"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36187"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36189"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-36184"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-19361"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14379"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/502.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/al1ex/cve-2020-36179"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3449"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1230"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhba-2021:1232"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-2163"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15586"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-16845"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1515"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381448"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-36181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002834"
      },
      {
        "db": "PACKETSTORM",
        "id": "162350"
      },
      {
        "db": "PACKETSTORM",
        "id": "162493"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-36181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-330"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-381448"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-36181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002834"
      },
      {
        "db": "PACKETSTORM",
        "id": "162350"
      },
      {
        "db": "PACKETSTORM",
        "id": "162493"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-36181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-330"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381448"
      },
      {
        "date": "2021-01-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-36181"
      },
      {
        "date": "2021-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002834"
      },
      {
        "date": "2021-04-27T15:37:46",
        "db": "PACKETSTORM",
        "id": "162350"
      },
      {
        "date": "2021-05-06T15:03:00",
        "db": "PACKETSTORM",
        "id": "162493"
      },
      {
        "date": "2021-01-06T23:15:12.957000",
        "db": "NVD",
        "id": "CVE-2020-36181"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-01-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-330"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381448"
      },
      {
        "date": "2022-09-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-36181"
      },
      {
        "date": "2021-10-06T01:05:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002834"
      },
      {
        "date": "2023-09-13T14:56:39.930000",
        "db": "NVD",
        "id": "CVE-2020-36181"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2022-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-330"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-330"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted Data Deserialization Vulnerability in FasterXML jackson-databind",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002834"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202003-1784
Vulnerability from variot

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is the component that provides its data-binding functionality. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability with a specially crafted request to execute arbitrary code on the system. Gadget issues of this class are generally reachable only when polymorphic type handling (for example, default typing) is enabled for untrusted JSON and the named gadget class is on the classpath, so affected deployments should both upgrade and review where such typing is enabled.

Description:

Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. You must be logged in to download the update.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Satellite 6.8 release
Advisory ID: RHSA-2020:4366-01
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366
Issue date: 2020-10-27
CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380
====================================================================

1. Summary:

An update is now available for Red Hat Satellite 6.8 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64

  3. Description:

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

  • mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
  • netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
  • rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)
  • puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)
  • jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)
  • foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)
  • Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)
  • Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)
  • rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)
  • rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)
  • rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)
  • rubygem-actionview: views that use the j or escape_javascript methods are susceptible to XSS attacks (CVE-2020-5267)
  • puppet: Arbitrary catalog retrieval (CVE-2020-7942)
  • rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)
  • rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)
  • hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
  • puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

  • Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment.

  • Adds ability to install Satellite and Capsules and manage hosts in an IPv6 network environment

  • Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution.

  • Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet

  • Support for HTTP UEFI provisioning

  • Support for CAC card authentication with Keycloak integration

  • Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling.

  • Support for Red Hat Enterprise Linux Traces integration

  • satellite-maintain & foreman-maintain are now self updating

  • Notifications in the UI to warn users when subscriptions are expiring.

The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

  4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  5. Bugs fixed (https://bugzilla.redhat.com/):

1160344 - [RFE] Satellite support for cname as alternate cname for satellite server 1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems 1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy 1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt 1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS 1410616 - [RFE] Prominent notification of expiring subscriptions. 1410916 - Should only be able to add repositories you have access to 1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3 1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. 1469267 - need updated rubygem-rake 1486446 - Content view versions list has slow query for package count 1486696 - 'hammer host update' removes existing host parameters 1494180 - Sorting by network address for subnet doesn't work properly 1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost 1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled" 1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101" 1531674 - Operating System Templates are ordered inconsistently in UI. 1537320 - [RFE] Support for Capsules at 1 version lower than Satellite 1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! NoMethodError: undefined method first' for nil:NilClass" when there are custom bookmarks created 1563270 - Sync status information is lost after cleaning up old tasks related to sync. 
1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384') 1571907 - Passenger threads throwing tracebacks on API jobs after spawning 1576859 - [RFE] Implement automatic assigning subnets through data provided by facter 1584184 - [RFE] The locked template is getting overridden by default 1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box 1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template 1608001 - Rearrange search/filter options on Red Hat Repositories page. 1613391 - race condition on removing multiple organizations simultaneously 1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot 1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version 1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui 1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization 1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host 1627066 - Unable to revert to the original version of the provisioning template 1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules 1630536 - yum repos password stored as cleartext 1632577 - Audit log show 'missing' for adding/removing repository to a CV 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1645062 - host_collection controller responds with 200 instead of 201 to a POST request 1645749 - repositories controller responds with 200 instead of 201 to a POST request 1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build 1647364 - [RFE] Extend the audits by the http request id 1647781 - Audits contain no data (Added foo 
to Missing(ID: x)) 1651297 - Very slow query when using facts on user roles as filters 1653217 - [RFE] More evocative name for Play Ansible Roles option? 1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks 1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role, 1659418 - katello-tracer-upload failing with error "ImportError: No module named katello" 1665277 - subscription manager register activation key with special character failed 1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal 1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output. 1677907 - Ansible API endpoints return 404 1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams 1680458 - Locked Report Templates are getting removed. 1680567 - Reporting Engine API to list report template per organization/location returns 404 error 1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite 1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow 1687116 - kernel version checks should not use /lib/modules to determine running version 1688886 - subscription-manager not attaching the right quantity per the cpu core 1691416 - Delays when many clients upload tracer data simultaneously 1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself 1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions 1705097 - An empty report file doesn't show any headers 1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service 1709842 - Tracer shows the machines needs rebooting even after reboot if 
kernel-debug is installed 1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 1715999 - Use Infoblox API for DNS conflict check and not system resolver 1716423 - Nonexistent quota can be set 1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page 1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array 1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally 1719509 - [RFE] "hammer host list" including erratas information 1719516 - [RFE] "hammer host-collection hosts" including erratas information 1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition 1721419 - SSH key cannot be added when FIPS enabled 1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example) 1723313 - foreman_tasks:cleanup description contain inconsistent information 1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start" 1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS 1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name 1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear 1730083 - [RFE] Add Jobs button to host detail page 1731155 - Cloud init template missing snippet compared to Kickstart default user data 1731229 - podman search against Red Hat Satellite 6 fails. 
1731235 - [RFE] Create Report Template to list inactive hosts 1733241 - [RFE] hammer does not inherit parent location information 1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN 1736809 - undefined methodsplit' for nil:NilClass when viewing the host info with hammer 1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. 1737564 - [RFE] Support custom images on Azure 1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. 1740943 - Increasing Ansible verbosity level does not increase the verbosity of output 1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. 1743776 - Error while deleting the content view version. 1745516 - Multiple duplicate index entries are present in candlepin database 1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
1749692 - Default Rhel8 scap content does not get populated on the Satellite 1749916 - [RFE] Satellite should support certificates with > 2048 Key size 1751981 - Parent object properties are not propagated to Child objects in Location and Host Group 1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command 1753551 - Traces output from Satellite GUI has mismatches with client tracer output 1756991 - 2 inputs with same name -> uninitialized constant #::NonUniqueInputsError 1757317 - [RFE] Dynflow workers extraction 1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API 1759160 - Rake task for cleaning up DHCP records on proxy 1761872 - Disabled buttons are still working 1763178 - [RFE] Unnecessary call to userhelp and therefore log entries 1763816 - [RFE] Report which users access the API 1766613 - Fact search bar broken and resets to only searching hostname 1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting 1767497 - Compute Resource filter does not correctly allow Refresh Cache 1767635 - [RFE] Enable Organization and Location to be entered not just selected 1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value 1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method []' for nil:NilClass 1771367 - undefined methodrequest_uri' when Openidc Provider Token Endpoint is none 1771428 - Openscap documentation link on Satellite 6 webui is broke 1771484 - Client side documentation links are not branded 1771693 - 'Deployed on' parameter is not listed in API output 1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order 1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again 1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt 1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare 1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically 1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines) 1778503 - Prepended text on OS name creation 1778681 - Some pages are missing title in html head 1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly 1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages" 1782426 - Viewing errata from a repository returns incorrect unfiltered results 1783568 - [RFE] - Bulk Tracer Remediation 1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!" 
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log 1784341 - disable CertificateRevocationListTask job in candlepin.conf by default 1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file 1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. 1785624 - [UI] Importing templates with associate 'never' is not resulting as expected 1785683 - Does not load datacenter when multiple compute resources are created for same VCenter 1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method []' for nil:NilClass" 1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date 1787329 - change filename in initrd live CPIO archive to fdi.iso 1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL 1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI 1789006 - Smart proxy dynflow core listens on 0.0.0.0 1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id 1789434 - Template editor not always allows refreshing of the preview pane 1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely 1789686 - Non-admin user with enough permissions can't generate report of applicable errata 1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6 1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table. 
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs 1791654 - drop config_templates api endpoints and parameters 1791656 - drop deprecated host status endpoint 1791658 - drop reports api endpoint 1791659 - Removeuse_puppet_defaultapi params 1791663 - remove deprecated permissions api parameters 1791665 - drop deprecated compute resource uuid parameter 1792131 - [UI] Could not specify organization/location for users that come from keycloak 1792135 - Not able to login again if session expired from keycloak 1792174 - [RFE] Subscription report template 1792304 - When generating custom report, leave output format field empty 1792378 - [RFE] Long role names are cut off in the roles UI 1793951 - [RFE] Display request UUID on audits page 1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists 1794346 - Change the label for the flashing eye icon during user impersonation 1794641 - Sync status page's content are not being displayed properly. 1795809 - HTML tags visible on paused task page 1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled 1796205 - iso upload: correctly check if upload directory exists 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1796259 - loading subscriptions page is very slow 1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode 1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout 1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server 1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. 
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host 1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input 1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input 1802529 - Repository sync in tasks page shows percentage in 17 decimal points 1802631 - Importing Ansible variables yields NoMethodError: undefined methodmap' for nil:NilClass (initialize_variables) [variables_importer.rb] 1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none 1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page. 1804651 - Missing information about "Create Capsule" via webUI 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7 1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error 1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks 1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method mtu' 1807042 - [RFE] Support additional disks for VM on Azure Compute Resource 1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. 
1807829 - Generated inventory file doesn't exist 1807946 - Multiple duplicate index entries are present in foreman database 1808843 - Satellite lists unrelated RHV storage domains using v4 API 1810250 - Unable to delete repository - Content with ID could not be found 1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd 1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection 1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead 1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units 1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification 1812904 - 'Hypervisors' task fails with 'undefined method[]' for nil:NilClass' error 1813005 - Prevent --tuning option to be applied in Capsule servers 1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker) 1814095 - Applicable errata not showing up for module stream errata 1815104 - Locked provisioning template should not be allowed to add audit comment 1815135 - hammer does not support description for custom repositories 1815146 - Backslash escapes when downloading a JSON-formatted report multiple times 1815608 - Content Hosts has Access to Content View from Different Organization 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1816699 - Satellite Receptor Installer role can miss accounts under certain conditions 1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval 1816853 - Report generated by Red Hat Inventory Uploads is empty. 
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. 1817224 - Loading one org's content view when switching to a different org 1817481 - Plugin does not set page 1817728 - Default task polling is too frequent at scale 1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. 1818062 - Deprecated message about katello agent being shown on content host registration page 1818816 - Web console should open in a new tab/window 1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1820193 - Deleted Global Http Proxy is still being used during repository sync. 1820245 - reports in JSON format can't handle unicode characters 1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512 1821335 - Inventory plugin captures information for systems with any entitlement 1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration. 1821629 - Eager zero seems to do nothing 1821651 - Manifest import task progress remains at 0. 1821752 - New version of the plugin is available: 1.0.5 1822039 - Get HTTP error when deploying the virt-who configure plugin 1822560 - Unable to sync large openshift docker repos 1823905 - Update distributor version to sat-6.7 1823991 - [RFE] Add a more performant way to sort reports 1824183 - Virtual host get counted as physical hosts on cloud.redhat.com 1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank" 1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue. 
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy 1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error 1826298 - even when I cancel ReX job, remediation still shows it as running 1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images 1826515 - [RFE] Consume Candlepin events via STOMP 1826625 - Improve performance of externalNodes 1826678 - New version of the plugin is available: 2.0.6 1826734 - Tasks uses wrong controller name for bookmarks 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories 1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)" 1828257 - Receptor init file missing [Install] section, receptor service won't run after restart 1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API 1828549 - Manifest Certificate Exposed by Unprivileged User 1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined' 1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default 1828868 - Add keep alive option in Receptor node 1829487 - Ansible verbosity level does not work 1829766 - undefined method `tr' for nil:NilClass when trying to get a new DHCP lease from infoblox 1830253 - Default job templates are not locked 1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time 1830834 - Unable to update default value of a smart class parameter (Sql query error). 
1830860 - Refactor loading regions based on subscription dynamically 1830882 - Red Hat Satellite brand icon is missing 1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo 1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks 1833031 - Improve RH account ID fetching in cloud connector playbook 1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished) 1833039 - Introduce error code to playbook_run_finished response type 1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option. 1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do 1834377 - Disable mongo FTDC 1834866 - Missing macro for "registered_at" host subscription facet 1834898 - Login Page background got centralized and cropped 1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet 1835241 - Some applicability of the consumers are not recalculated after syncing a repository 1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting 1836155 - Support follow on rails, travis and i18n work for AzureRm plugin 1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
1836774 - Some foreman services failed to start (pulp_streamer) 1836845 - "Generate at" in report template should be current date 1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue 1838160 - 'Registered hosts' report does not list kernel release for rhsm clients 1838191 - Arrow position is on left rather in the middle under "Start Time" 1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory 1838917 - Repositories are not showing their available Release versions due to a low default db pool size 1838963 - Hypervisors from Satellite, never makes their way to HBI 1838965 - Product name link is not working on the activation keys "Repository Sets" tab. 1839025 - Configure Cloud Connector relies on information which is no longer provided by the API 1839649 - satellite-installer --reset returns a traceback 1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds 1839779 - undefined local variable or method `implicit_order_column' for #<ActiveRecord::Associations::CollectionProxy> on GET request to /discovery_rules endpoint 1839966 - New version of the plugin is available: 2.0.7 1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . 1840191 - Validate parameters passed by receptor to the receptor-satellite plugin 1840218 - ArgumentError: wrong number of arguments 1840525 - Content host list doesn't update after the successful deletion of content host. 1840635 - Proxy has failed to load one or more features (Realm) 1840723 - Selected scenario is DISABLED, can not continue 1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed" 1841098 - Failed to resolve package dependency while doing satellite upgrade. 
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned 1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist." 1841818 - icons missing on /pub download page 1842900 - ERROR! the role 'satellite-receptor' was not found in ... 1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/ 1843406 - In 6.8, Receptor installation playbook's inputs are visible again 1843561 - Report templates duplicated 1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #<Safemode::ScopeObject>" 1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8 1843926 - satellite-change-hostname fails when running nsupdate 1844142 - [RFE] Drop a subsription-manager fact with the satellite version 1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP 1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2 1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]' for nil:NilClass 1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1846254 - need to restart services after enabling leapp plugin 1846313 - Add index on locks for resource type and task id 1846317 - undefined method `klass' for nil:NilClass 1846421 - build pxe default do not work when more than 1 provider 1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8 1847019 - Empty applicability for non-modular repos 1847063 - Slow manifest import and/or refresh 1847407 - load_pools macro not in list of macros 1847645 - Allow override of Katello's DISTRIBUTOR_VERSION 1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. 
1847840 - Libvirt note link leads to 404 1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. 1848291 - Download kernel/initram for kexec asynchronously 1848535 - Unable to create a pure IPv6 host 1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8) 1848902 - ERF42-0258 [Foreman::Exception]: <uuid> is not valid, enter id or name 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms 1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule 1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names 1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead. 1849680 - Task progress decimal precision discrepancy between UI, CLI, and API 1849869 - Unable to recycle the dynflow executor 1850355 - Auth Source Role Filters are not working in Satellite 6.8 1850536 - Can't add RHEV with APIv3 through Hammer 1850914 - Checksum type "sha256" is not available for all units in the repository. 
Make sure those units have been downloaded 1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)" 1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates 1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9 1851167 - Autoattach -> "undefined" subscription added 1851176 - Subscriptions do not provide any repository sets 1851952 - "candlepin_events FAIL Not running" and wont restart 1852371 - Allow http proxy ports by default 1852723 - Broken link for documentation on installation media page 1852733 - Inventory upload documentation redirects to default location 1852735 - New version of the plugin is available: 2.0.8 1853076 - large capsule syncs cause slow processing of dynflow tasks/steps 1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided" 1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7 1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh 1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views 1853572 - Broken documentation link for 'RHV' in Compute Resource 1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode. 1854397 - Compliance reports are not being uploaded to satellite. 1854530 - PG::NotNullViolation when syncing hosts from cloud 1855008 - Host parameters are set after the host is created. 1855254 - Links to documentation broken in HTTP Proxies setup 1855348 - katello_applicability accidentally set to true at install 1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME' 1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. 
1856379 - Add missing VM creation tests 1856401 - [RFE] Add module to create HTTP Proxy 1856831 - New version of the plugin is available: 2.0.9 1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host 1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500 1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos 1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos 1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method `default_capsule' for Katello:Module" 1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError 1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. 1857726 - Warnings are shown during the satellite package installation on RHEL 7.9 1858237 - Upgraded Satellite has duplicated katello_pools indexes 1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user 1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite 1858855 - Creating compute resources on IPV6 network does not fail gracefully 1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf 1859194 - load_hosts macro duplicated in a list of macros 1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
1859705 - Tomcat is not running on fresh Capsule installation 1859929 - User can perform other manifest actions while the first one starts 1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass' 1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed 1860422 - Host with remediations can't be removed 1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'... 1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service 1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error. 1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8 1860587 - Documentation link in Administer -> About pointing to 6.6 document. 1860835 - Installed Packages not displayed on About page 1860957 - Unable to select an organization for sync management 1861367 - Import Template sync never completes 1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required 1861422 - Error encountered while handling the response, replying with an error message ('plugin_config') 1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. 1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request 1861766 - Add ability to list traces by host with hammer 1861807 - Cancel/Abort button should be disabled once REX job is finish 1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer 1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
1861890 - Recommended repos do not match Satellite version 1861970 - Content -> Product doesn't work when no organization is selected 1862135 - updating hosts policy using bulk action fails with sql error 1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. 1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6 1865871 - Obfuscated hosts do not have domain reported 1865872 - Templates doc - examples on onepage.html are not processed 1865874 - Add inventory status to host 1865876 - Make recommendations count in hosts index a link 1865879 - Add automatic scheduler for insights sync 1865880 - Add an explanation how to enable insights sync 1865928 - Templates documentation help page has hard-coded Satellite setting value 1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently 1866029 - Templates DSL documentation: Parts of description are put in <pre> tag 1866436 - host search filter does not work in job invocation page 1866461 - Run action is missing in job templates page 1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page 1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer 1866710 - Wrong API endpoint path referenced for resolving host traces 1867239 - hammer content-view version incremental-update fails with ISE 1867287 - Error Row was updated or deleted by another transaction when deleting docker repository 1867311 - Upgrade fails when checkpoint_segments postgres parameter configured 1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite 1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank" 1868183 - Unable to change virt-who hypervisor location. 
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf 1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation. 1869812 - Tasks fail to complete under load 1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow 1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found) 1871434 - theme css ".container" class rule is too generic 1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. 1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout 1871978 - Bug in provisioning_template Module 1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console" 1872041 - Host search returns incorrect result 1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result 1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover 1874143 - Red Hat Inventory Uploads does not use proxy 1874160 - Changing Content View of a Content Host needs to better inform the user around client needs 1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file 1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts) 1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow 1874176 - Unable to search by value of certain Hostgroup parameter 1874422 - Hits Sync uses only old proxy setting 1874619 - Hostgroup tag is never reported in slice 1875357 - After upgrade server response check failed for candlepin. 
1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url` 1875660 - Reporting Template macros host_cores is not working as expected 1875667 - Audit page list incorrect search filter 1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only 1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding 1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries 1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv 1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv 1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv 1878194 - In Capsule upgrade, "yum update" dump some error messages. 1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled 1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections 1878850 - creating host from hg doesn't resolves the user-data template 1879151 - Remote execution status not updating with large number of hosts 1879448 - Add hits details to host details page 1879451 - Stop uploading if Satellite's setting is disconnected 1879453 - Add plugin version to report metadata 1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP 1880637 - [6.8] satellite-installer always runs upgrade steps 1881066 - Safemode doesn't allow to access 'host_cores' on #<Safemode::ScopeObject> 1881078 - Use Passenger instead of Puma as the Foreman application server 1881988 - [RFE] IPv6 support for Satellite 6.8 1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}'' 1882389 - Search query in 
template for LEAPP upgrade should be pre-filled when running from pre-upgrade results 1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)" 1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available" 1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals 1887489 - Insights rules can't be loaded on freshly installed Satellite system 1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Satellite Capsule 6.8:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm 
pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm 
rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm 
tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm 
foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm 
python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm 
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm 
pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm 
tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>Red Hat Satellite 6.7:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm 
puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm 
python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm 
tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm 
tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm 
tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm 
tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm 
tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm 
tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm 
katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm 
python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm 
rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm 
tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm 
tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm 
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm 
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm 
libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm 
python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm 
tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)</p> </li> <li> <p>dom4j (CVE-2018-1000632)</p> </li> <li> <p>elasticsearch (CVE-2018-3831)</p> </li> <li> <p>pdfbox (CVE-2018-11797)</p> </li> <li> <p>vertx (CVE-2018-12541)</p> </li> <li> <p>spring-data-jpa (CVE-2019-3797)</p> </li> <li> <p>mina-core (CVE-2019-0231)</p> </li> <li> <p>jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)</p> </li> <li> <p>jackson-mapper-asl (CVE-2019-10172)</p> </li> <li> <p>hawtio (CVE-2019-9827)</p> </li> <li> <p>undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)</p> </li> <li> <p>santuario (CVE-2019-12400)</p> </li> <li> <p>apache-commons-beanutils (CVE-2019-10086)</p> </li> <li> <p>cxf (CVE-2019-17573)</p> </li> <li> <p>apache-commons-configuration (CVE-2020-1953)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. </p> <p>This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>cxf: reflected XSS in the services listing page (CVE-2019-17573)</p> </li> <li> <p>cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)</p> </li> <li> <p>jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)</p> </li> <li> <p>jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)</p> </li> <li> <p>cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)</p> </li> <li> <p>smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)</p> </li> <li> <p>resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)</p> </li> <li> <p>jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)</p> </li> <li> <p>undertow: invalid HTTP request with large chunk size (CVE-2020-10719)</p> </li> <li> <p>jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)</p> </li> <li> <p>jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)</p> </li> <li> <p>jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)</p> </li> <li> <p>undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)</p> </li> <li> <p>libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)</p> </li> <li> <p>libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li>
<li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)</p> </li> <li> <p>jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final JBEAP-18060 - <a href="7.3.z">GSS</a> Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001 JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001 JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012 JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final JBEAP-18277 - <a href="7.3.z">GSS</a> Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001 JBEAP-18288 - <a href="7.3.z">GSS</a> Upgrade FasterXML from 2.10.0 to 2.10.3 JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10 JBEAP-18302 - <a href="7.3.z">GSS</a> Upgrade wildfly-http-client from 1.0.18 to 1.0.20 JBEAP-18315 - <a href="7.3.z">GSS</a> Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010 JBEAP-18346 - <a href="7.3.z">GSS</a> Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002 JBEAP-18352 - <a href="7.3.z">GSS</a> Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001 JBEAP-18361 - <a href="7.3.z">GSS</a> Upgrade 
Woodstox from 5.0.3 to 6.0.3 JBEAP-18367 - <a href="7.3.z">GSS</a> Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18393 - <a href="7.3.z">GSS</a> Update $JBOSS_HOME/docs/schema to show https schema URL instead of http JBEAP-18399 - Tracker bug for the EAP 7.3.1 release for RHEL-8 JBEAP-18409 - <a href="7.3.z">GSS</a> Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001 JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001 JBEAP-18596 - <a href="7.3.z">GSS</a> Upgrade JBoss Modules from 1.9.1 to 1.10.0 JBEAP-18598 - <a href="7.3.z">GSS</a> Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002 JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001 JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001 JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001 JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001 JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001 JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001 JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006 JBEAP-18836 - <a href="7.3.z">GSS</a> Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2 JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002 JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0 JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2 JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3 JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3 JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4 
JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001 JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002 JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1 JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004 JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001 JBEAP-19117 - <a href="7.3.z">GSS</a> Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19133 - <a href="7.3.z">GSS</a> Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001 JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001 JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001 JBEAP-19192 - (7.3.z) Update the Japanese translations JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001 JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001 JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final</p> <p>7</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1784" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a>
<div class="collapse" id="collapseJsonvar-202003-1784"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1784">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id":
"https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1784", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": 
"oracle", "version": "20.1" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.7.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "retail service backbone", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.11.6" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": 
"oracle", "version": "9.3.6" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.9.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "retail xstore point of service", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9546" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { 
"@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.11.6", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.9.7", "versionStartIncluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": 
[], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", 
"versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9546" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-042" } ], "trust": 1.5 }, "cve": "CVE-2020-9546", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ 
{ "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-187671", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-9546", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-9546", "trust": 1.0, "value": "CRITICAL" }, 
{ "author": "CNNVD", "id": "CNNVD-202003-042", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-187671", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-9546", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-187671" }, { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "CNNVD", "id": "CNNVD-202003-042" }, { "db": "NVD", "id": "CVE-2020-9546" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML Jackson is a data processing tool for Java developed by the US company FasterXML. jackson-databind is one of its components and provides data binding. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability with a specially crafted request to execute arbitrary code on the system. Gadget issues of this class generally apply only when the application deserializes untrusted JSON with polymorphic typing enabled and the named gadget class is present on its classpath. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. You must be logged in to download the update. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. 
\n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to 
the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. 
\n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http 
request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. 
\n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
\n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. 
\n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
\n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
\n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 
\n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t 
generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. 
\n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. 
\n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should 
not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. 
\n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. 
\n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). 
\n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
\n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. 
\n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s 
DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. 
Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. 
\n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
\n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
\n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. 
\n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After 
upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. 
\n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. 
Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\
npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.s
rc.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dh
cp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\np
ulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.n
oarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7s
at.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sa
t.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridf
s-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1
.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.
0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql
12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0
.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\nt
fm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_c
li_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntf
m-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sa
t.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat
.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-col
lection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarc
h.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npytho
n2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7s
at.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7s
at.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\nt
fm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.r
pm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_az
ure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer
-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_prox
y_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\n
livecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-de
vel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg
-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. 
\n\nSecurity Fix(es):\n\n* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)\n\n* dom4j (CVE-2018-1000632)\n\n* elasticsearch (CVE-2018-3831)\n\n* pdfbox (CVE-2018-11797)\n\n* vertx (CVE-2018-12541)\n\n* spring-data-jpa (CVE-2019-3797)\n\n* mina-core (CVE-2019-0231)\n\n* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540\nCVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943\nCVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619\nCVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)\n\n* jackson-mapper-asl (CVE-2019-10172)\n\n* hawtio (CVE-2019-9827)\n\n* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)\n\n* santuario (CVE-2019-12400)\n\n* apache-commons-beanutils (CVE-2019-10086)\n\n* cxf (CVE-2019-17573)\n\n* apache-commons-configuration (CVE-2020-1953)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.1 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. 
\n\nSecurity Fix(es):\n\n* cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* cxf-core: cxf: OpenId Connect token service does not properly validate\nthe clientId (CVE-2019-12423)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* cryptacular: excessive memory allocation during a decode operation\n(CVE-2020-7226)\n\n* smallrye-config: SmallRye: SecuritySupport class is incorrectly public\nand contains a static method to access the current threads context class\nloader (CVE-2020-1729)\n\n* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected\nXSS attack (CVE-2020-10688)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* libthrift: thrift: Endless loop when feed with specific input data\n(CVE-2019-0205)\n\n* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the 
con\nparameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* jsf-impl: mojarra: Path traversal in\nResourceManager.java:getLocalePrefix() via the loc parameter\n(CVE-2018-14371)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain 
xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final\nJBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001\nJBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001\nJBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012\nJBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core\nJBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core\nJBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final\nJBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001\nJBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3\nJBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10\nJBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20\nJBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010\nJBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002\nJBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001\nJBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3\nJBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16\nJBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http\nJBEAP-18399 - Tracker bug for the EAP 7.3.1 release for RHEL-8\nJBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 
9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001\nJBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final\nJBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001\nJBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0\nJBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002\nJBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001\nJBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001\nJBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final\nJBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001\nJBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001\nJBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001\nJBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001\nJBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006\nJBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2\nJBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002\nJBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0\nJBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2\nJBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3\nJBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3\nJBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4\nJBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final\nJBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001\nJBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002\nJBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1\nJBEAP-19054 - Upgrade MP REST Client to 
1.4.0.redhat-00004\nJBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001\nJBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001\nJBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001\nJBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001\nJBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001\nJBEAP-19192 - (7.3.z) Update the Japanese translations\nJBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001\nJBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001\nJBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final\n\n7", "sources": [ { "db": "NVD", "id": "CVE-2020-9546" }, { "db": "VULHUB", "id": "VHN-187671" }, { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "159082" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-9546", "trust": 2.7 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159083", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202003-042", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158282", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.3558", "trust": 0.6 }, { "db": "AUSCERT", 
"id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2287", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1440", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0828", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2050", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3065", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2042", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158048", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48008", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "159080", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159082", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159081", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2020-16493", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-187671", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-9546", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158047", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187671" }, { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-042" }, { "db": "NVD", "id": "CVE-2020-9546" } ] }, "id": "VAR-202003-1784", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-187671" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:53:51.536000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111243" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202813 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203638 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202515 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203637 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203639 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203642 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202513 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202512 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202511 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "IBM: Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jackson databind", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=88553214b693594d88e3b37f8bb2c078" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 
2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-109" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a" }, { "title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2ec7385c474071281be069b54d841de6" }, { "title": "Cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "PHunter", "trust": 0.1, "url": "https://github.com/cgcl-codes/phunter " }, { "title": "PHunter", "trust": 0.1, "url": "https://github.com/anonymous-phunter/phunter " }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": 
"https://github.com/palindromelabs/java-deserialization-cves " }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/lnick2023/nicenice " }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 " }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/qazbnm456/awesome-cve-poc " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "CNNVD", "id": "CNNVD-202003-042" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187671" }, { "db": "NVD", "id": "CVE-2020-9546" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200904-0006/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2631" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3cdev.zookeeper.apache.org%3e" }, { "trust": 1.1, 
"url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.9, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3cdev.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.6, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48008" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-9548-cve-2020-9546-cve-2020-9547-cve-2020-8840-cve-2019-20330/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2287/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-6/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-hikari-config-31736" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3558/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2050/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0828/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158048/red-hat-security-advisory-2020-2512-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2042/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1440/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3065/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 
0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.4, "url": "https://issues.jboss.org/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-6950" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740" }, { "trust": 0.3, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-14297" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14297" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10683" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10687" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14900" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10740" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14307" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10718" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:2813" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 
0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10719" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/yahoo/cubed" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2020:4366" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7663" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-8161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3637" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1694" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1694" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3639" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7226" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7226" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14371" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3638" } ], "sources": [ { "db": "VULHUB", "id": "VHN-187671" }, { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-042" }, { "db": "NVD", "id": "CVE-2020-9546" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-187671" }, { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-042" }, { "db": "NVD", "id": "CVE-2020-9546" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, 
"data": [ { "date": "2020-03-02T00:00:00", "db": "VULHUB", "id": "VHN-187671" }, { "date": "2020-03-02T00:00:00", "db": "VULMON", "id": "CVE-2020-9546" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-10-27T16:58:42", "db": "PACKETSTORM", "id": "159724" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-09-07T16:38:23", "db": "PACKETSTORM", "id": "159081" }, { "date": "2020-07-02T15:43:25", "db": "PACKETSTORM", "id": "158282" }, { "date": "2020-09-07T16:37:51", "db": "PACKETSTORM", "id": "159080" }, { "date": "2020-06-11T16:36:11", "db": "PACKETSTORM", "id": "158047" }, { "date": "2020-09-07T16:39:28", "db": "PACKETSTORM", "id": "159082" }, { "date": "2020-03-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-042" }, { "date": "2020-03-02T04:15:10.843000", "db": "NVD", "id": "CVE-2020-9546" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-02T00:00:00", "db": "VULHUB", "id": "VHN-187671" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-9546" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-042" }, { "date": "2023-11-07T03:26:58.593000", "db": "NVD", "id": "CVE-2020-9546" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-042" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-042" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-042" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202012-1539">var-202012-1539</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. FasterXML jackson-databind 2.x versions before 2.9.10.8 have a security vulnerability, which stems from incorrectly handling the interaction between serialization gadgets and typing, involving com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. 
See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 
References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202012-1539" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202012-1539"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202012-1539">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1539", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.4" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": 
"retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter signaling route", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0.0" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "communications diameter signaling route", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": 
"15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "autovue", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": 
"2.9.10.8" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-35728" } ] 
}, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12", "versionStartIncluding": "18.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-35728" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": 
"CNNVD", "id": "CNNVD-202012-1602" } ], "trust": 0.8 }, "cve": "CVE-2020-35728", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-379341", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-35728", "impactScore": 6.4, "integrityImpact": "PARTIAL", 
"obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-35728", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202012-1602", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-379341", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-35728", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-379341" }, { "db": "VULMON", "id": "CVE-2020-35728" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202012-1602" }, { "db": "NVD", "id": "CVE-2020-35728" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. FasterXML jackson-databind versions 2.x to 2.9.10.8 have a security vulnerability, which stems from incorrectly handling the interaction between serialization gadgets and typing, involving com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. 
Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com
/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-35728" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-379341" }, { "db": "VULMON", "id": "CVE-2020-35728" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-35728", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202012-1602", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0334", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-379341", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-35728", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-379341" }, { "db": "VULMON", "id": "CVE-2020-35728" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202012-1602" }, { "db": "NVD", "id": "CVE-2020-35728" } ] }, "id": "VAR-202012-1539", 
"iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-379341" } ], "trust": 0.01 }, "last_update_date": "2024-02-12T23:22:33.642000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "Awesome Stars", "trust": 0.1, "url": "https://github.com/netw0rk1le3r/awesome-hacking-lists " }, { "title": "Awesome Stars", "trust": 0.1, "url": "https://github.com/readloud/awesome-stars " }, { "title": "Vulnerability", "trust": 0.1, "url": "https://github.com/tzwlhack/vulnerability " }, { "title": "\u66f4\u65b0\u4e8e 2023-11-27 08:36:01\n\u5b89\u5168\n\u5f00\u53d1\n\u672a\u5206\u7c7b\n\u6742\u4e03\u6742\u516b", "trust": 0.1, "url": "https://github.com/20142995/sectool " }, { "title": "SecBooks\nSecBooks\u76ee\u5f55", "trust": 0.1, "url": "https://github.com/sexybeast233/secbooks " }, { "title": "PoC in GitHub", "trust": 0.1, "url": "https://github.com/developer3000s/poc-in-github " }, { "title": "PoC in GitHub", "trust": 0.1, "url": "https://github.com/hectorgie/poc-in-github " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-35728" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-379341" }, { "db": "NVD", "id": "CVE-2020-35728" } ] }, "references": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210129-0007/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2999" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.1, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.7, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0334/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-network-performance-insight-1-3-1-was-affected-by-jackson-databind-vulnerability-cve-2020-35728/" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-9/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-128/index.html" }, { "trust": 0.1, "url": "https://github.com/readloud/awesome-stars" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": 
"https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-379341" }, { "db": "VULMON", "id": "CVE-2020-35728" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202012-1602" }, { "db": "NVD", "id": "CVE-2020-35728" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-379341" }, { "db": "VULMON", "id": "CVE-2020-35728" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202012-1602" }, { "db": "NVD", "id": "CVE-2020-35728" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-12-27T00:00:00", "db": "VULHUB", "id": "VHN-379341" }, { "date": "2020-12-27T00:00:00", "db": "VULMON", "id": "CVE-2020-35728" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2020-12-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202012-1602" }, { "date": "2020-12-27T05:15:11.590000", "db": "NVD", "id": "CVE-2020-35728" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-02T00:00:00", "db": 
"VULHUB", "id": "VHN-379341" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-35728" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202012-1602" }, { "date": "2023-11-07T03:22:02.627000", "db": "NVD", "id": "CVE-2020-35728" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202012-1602" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Pillow Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202006-1824">var-202006-1824</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). 
FasterXML jackson-databind contains an untrusted data deserialization vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.5. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat Satellite 6.8 for RHEL 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. 
</p> <p>Security Fix(es):</p> <ul> <li>mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)</li> <li>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</li> <li>rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)</li> <li>puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)</li> <li>jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)</li> <li>foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)</li> <li>Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)</li> <li>Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)</li> <li>rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)</li> <li>rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)</li> <li>rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)</li> <li>rubygem-actionview: views that use the <code>j</code> or <code>escape_javascript</code> methods are susceptible to XSS attacks (CVE-2020-5267)</li> <li>puppet: Arbitrary catalog retrieval (CVE-2020-7942)</li> <li>rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)</li> <li>rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)</li> <li>hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)</li> <li>puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)</li> </ul> <p>For more details 
about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Additional Changes:</p> <ul> <li> <p>Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment. </p> </li> <li> <p>Adds ability to install Satellite and Capsules and manage hosts in a IPv6 network environment</p> </li> <li> <p>Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution. </p> </li> <li> <p>Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet</p> </li> <li> <p>Support for HTTP UEFI provisioning</p> </li> <li> <p>Support for CAC card authentication with Keycloak integration</p> </li> <li> <p>Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling. </p> </li> <li> <p>Support for Red Hat Enterprise Linux Traces integration</p> </li> <li> <p>satellite-maintain & foreman-maintain are now self updating</p> </li> <li> <p>Notifications in the UI to warn users when subscriptions are expiring. </p> </li> </ul> <p>The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. 
</p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1160344 - [RFE] Satellite support for cname as alternate cname for satellite server 1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems 1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy 1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt 1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS 1410616 - [RFE] Prominent notification of expiring subscriptions. 1410916 - Should only be able to add repositories you have access to 1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3 1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. 1469267 - need updated rubygem-rake 1486446 - Content view versions list has slow query for package count 1486696 - 'hammer host update' removes existing host parameters 1494180 - Sorting by network address for subnet doesn't work properly 1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost 1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled" 1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101" 1531674 - Operating System Templates are ordered inconsistently in UI. 1537320 - [RFE] Support for Capsules at 1 version lower than Satellite 1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! 
NoMethodError: undefined method <code>first' for nil:NilClass" when there are custom bookmarks created 1563270 - Sync status information is lost after cleaning up old tasks related to sync. 1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384') 1571907 - Passenger threads throwing tracebacks on API jobs after spawning 1576859 - [RFE] Implement automatic assigning subnets through data provided by facter 1584184 - [RFE] The locked template is getting overridden by default 1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box 1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template 1608001 - Rearrange search/filter options on Red Hat Repositories page. 1613391 - race condition on removing multiple organizations simultaneously 1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot 1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version 1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui 1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization 1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host 1627066 - Unable to revert to the original version of the provisioning template 1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules 1630536 - yum repos password stored as cleartext 1632577 - Audit log show 'missing' for adding/removing repository to a CV 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1645062 - host_collection controller responds with 200 instead of 201 to a POST request 1645749 - repositories controller responds with 200 instead of 201 to a POST request 
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build 1647364 - [RFE] Extend the audits by the http request id 1647781 - Audits contain no data (Added foo to Missing(ID: x)) 1651297 - Very slow query when using facts on user roles as filters 1653217 - [RFE] More evocative name for Play Ansible Roles option? 1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks 1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role, 1659418 - katello-tracer-upload failing with error "ImportError: No module named katello" 1665277 - subscription manager register activation key with special character failed 1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal 1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output. 1677907 - Ansible API endpoints return 404 1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams 1680458 - Locked Report Templates are getting removed. 
1680567 - Reporting Engine API to list report template per organization/location returns 404 error 1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite 1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow 1687116 - kernel version checks should not use /lib/modules to determine running version 1688886 - subscription-manager not attaching the right quantity per the cpu core 1691416 - Delays when many clients upload tracer data simultaneously 1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself 1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions 1705097 - An empty report file doesn't show any headers 1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service 1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed 1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
1715999 - Use Infoblox API for DNS conflict check and not system resolver 1716423 - Nonexistent quota can be set 1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page 1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array 1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally 1719509 - [RFE] "hammer host list" including erratas information 1719516 - [RFE] "hammer host-collection hosts" including erratas information 1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition 1721419 - SSH key cannot be added when FIPS enabled 1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example) 1723313 - foreman_tasks:cleanup description contain inconsistent information 1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start" 1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS 1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name 1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear 1730083 - [RFE] Add Jobs button to host detail page 1731155 - Cloud init template missing snippet compared to Kickstart default user data 1731229 - podman search against Red Hat Satellite 6 fails. 
1731235 - [RFE] Create Report Template to list inactive hosts 1733241 - [RFE] hammer does not inherit parent location information 1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN 1736809 - undefined method</code>split' for nil:NilClass when viewing the host info with hammer 1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. 1737564 - [RFE] Support custom images on Azure 1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. 1740943 - Increasing Ansible verbosity level does not increase the verbosity of output 1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. 1743776 - Error while deleting the content view version. 1745516 - Multiple duplicate index entries are present in candlepin database 1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
1749692 - Default Rhel8 scap content does not get populated on the Satellite 1749916 - [RFE] Satellite should support certificates with > 2048 Key size 1751981 - Parent object properties are not propagated to Child objects in Location and Host Group 1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command 1753551 - Traces output from Satellite GUI has mismatches with client tracer output 1756991 - 2 inputs with same name -> uninitialized constant #<Class:0x000000000b894c38>::NonUniqueInputsError 1757317 - [RFE] Dynflow workers extraction 1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API 1759160 - Rake task for cleaning up DHCP records on proxy 1761872 - Disabled buttons are still working 1763178 - [RFE] Unnecessary call to userhelp and therefore log entries 1763816 - [RFE] Report which users access the API 1766613 - Fact search bar broken and resets to only searching hostname 1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting 1767497 - Compute Resource filter does not correctly allow Refresh Cache 1767635 - [RFE] Enable Organization and Location to be entered not just selected 1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value 1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]' for nil:NilClass 1771367 - undefined method `request_uri' when Openidc Provider Token Endpoint is none 1771428 - Openscap documentation link on Satellite 6 webui is broke 1771484 - Client side documentation links are not branded 1771693 - 'Deployed on' parameter is not listed in API output 1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order 1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again 1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt 1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare 1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically 1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines) 1778503 - Prepended text on OS name creation 1778681 - Some pages are missing title in html head 1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly 1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages" 1782426 - Viewing errata from a repository returns incorrect unfiltered results 1783568 - [RFE] - Bulk Tracer Remediation 1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!" 
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log 1784341 - disable CertificateRevocationListTask job in candlepin.conf by default 1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file 1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. 1785624 - [UI] Importing templates with associate 'never' is not resulting as expected 1785683 - Does not load datacenter when multiple compute resources are created for same VCenter 1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method <code>[]' for nil:NilClass" 1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date 1787329 - change filename in initrd live CPIO archive to fdi.iso 1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL 1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI 1789006 - Smart proxy dynflow core listens on 0.0.0.0 1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id 1789434 - Template editor not always allows refreshing of the preview pane 1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely 1789686 - Non-admin user with enough permissions can't generate report of applicable errata 1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6 1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table. 
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs 1791654 - drop config_templates api endpoints and parameters 1791656 - drop deprecated host status endpoint 1791658 - drop reports api endpoint 1791659 - Remove</code>use_puppet_default<code>api params 1791663 - remove deprecated permissions api parameters 1791665 - drop deprecated compute resource uuid parameter 1792131 - [UI] Could not specify organization/location for users that come from keycloak 1792135 - Not able to login again if session expired from keycloak 1792174 - [RFE] Subscription report template 1792304 - When generating custom report, leave output format field empty 1792378 - [RFE] Long role names are cut off in the roles UI 1793951 - [RFE] Display request UUID on audits page 1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists 1794346 - Change the label for the flashing eye icon during user impersonation 1794641 - Sync status page's content are not being displayed properly. 1795809 - HTML tags visible on paused task page 1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled 1796205 - iso upload: correctly check if upload directory exists 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1796259 - loading subscriptions page is very slow 1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode 1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout 1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server 1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. 
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host 1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input 1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input 1802529 - Repository sync in tasks page shows percentage in 17 decimal points 1802631 - Importing Ansible variables yields NoMethodError: undefined method</code>map' for nil:NilClass (initialize_variables) [variables_importer.rb] 1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none 1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page. 1804651 - Missing information about "Create Capsule" via webUI 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7 1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error 1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks 1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method <code>mtu' 1807042 - [RFE] Support additional disks for VM on Azure Compute Resource 1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. 
1807829 - Generated inventory file doesn't exist 1807946 - Multiple duplicate index entries are present in foreman database 1808843 - Satellite lists unrelated RHV storage domains using v4 API 1810250 - Unable to delete repository - Content with ID could not be found 1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd 1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection 1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead 1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units 1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification 1812904 - 'Hypervisors' task fails with 'undefined method</code>[]' for nil:NilClass' error 1813005 - Prevent --tuning option to be applied in Capsule servers 1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker) 1814095 - Applicable errata not showing up for module stream errata 1815104 - Locked provisioning template should not be allowed to add audit comment 1815135 - hammer does not support description for custom repositories 1815146 - Backslash escapes when downloading a JSON-formatted report multiple times 1815608 - Content Hosts has Access to Content View from Different Organization 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1816699 - Satellite Receptor Installer role can miss accounts under certain conditions 1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval 1816853 - Report generated by Red Hat Inventory Uploads is empty. 
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. 1817224 - Loading one org's content view when switching to a different org 1817481 - Plugin does not set page &lt;title&gt; 1817728 - Default task polling is too frequent at scale 1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. 1818062 - Deprecated message about katello agent being shown on content host registration page 1818816 - Web console should open in a new tab/window 1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1820193 - Deleted Global Http Proxy is still being used during repository sync. 1820245 - reports in JSON format can't handle unicode characters 1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512 1821335 - Inventory plugin captures information for systems with any entitlement 1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration. 1821629 - Eager zero seems to do nothing 1821651 - Manifest import task progress remains at 0. 1821752 - New version of the plugin is available: 1.0.5 1822039 - Get HTTP error when deploying the virt-who configure plugin 1822560 - Unable to sync large openshift docker repos 1823905 - Update distributor version to sat-6.7 1823991 - [RFE] Add a more performant way to sort reports 1824183 - Virtual host get counted as physical hosts on cloud.redhat.com 1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank" 1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue. 
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy 1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error 1826298 - even when I cancel ReX job, remediation still shows it as running 1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images 1826515 - [RFE] Consume Candlepin events via STOMP 1826625 - Improve performance of externalNodes 1826678 - New version of the plugin is available: 2.0.6 1826734 - Tasks uses wrong controller name for bookmarks 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories 1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)" 1828257 - Receptor init file missing [Install] section, receptor service won't run after restart 1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API 1828549 - Manifest Certificate Exposed by Unprivileged User 1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined' 1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default 1828868 - Add keep alive option in Receptor node 1829487 - Ansible verbosity level does not work 1829766 - undefined method <code>tr' for nil:NilClass when trying to get a new DHCP lease from infoblox 1830253 - Default job templates are not locked 1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time 1830834 - Unable to update default value of a smart class parameter (Sql query error). 
1830860 - Refactor loading regions based on subscription dynamically 1830882 - Red Hat Satellite brand icon is missing 1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo 1831528 - CVE-2020-5267 rubygem-actionview: views that use the <code>j</code> or <code>escape_javascript</code> methods are susceptible to XSS attacks 1833031 - Improve RH account ID fetching in cloud connector playbook 1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished) 1833039 - Introduce error code to playbook_run_finished response type 1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option. 1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do 1834377 - Disable mongo FTDC 1834866 - Missing macro for "registered_at" host subscription facet 1834898 - Login Page background got centralized and cropped 1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet 1835241 - Some applicability of the consumers are not recalculated after syncing a repository 1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting 1836155 - Support follow on rails, travis and i18n work for AzureRm plugin 1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
1836774 - Some foreman services failed to start (pulp_streamer) 1836845 - "Generate at" in report template should be current date 1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue 1838160 - 'Registered hosts' report does not list kernel release for rhsm clients 1838191 - Arrow position is on left rather in the middle under "Start Time" 1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory 1838917 - Repositories are not showing their available Release versions due to a low default db pool size 1838963 - Hypervisors from Satellite, never makes their way to HBI 1838965 - Product name link is not working on the activation keys "Repository Sets" tab. 1839025 - Configure Cloud Connector relies on information which is no longer provided by the API 1839649 - satellite-installer --reset returns a traceback 1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds 1839779 - undefined local variable or method</code>implicit_order_column' for #<ActiveRecord::Associations::CollectionProxy> on GET request to /discovery_rules endpoint 1839966 - New version of the plugin is available: 2.0.7 1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . 1840191 - Validate parameters passed by receptor to the receptor-satellite plugin 1840218 - ArgumentError: wrong number of arguments 1840525 - Content host list doesn't update after the successful deletion of content host. 1840635 - Proxy has failed to load one or more features (Realm) 1840723 - Selected scenario is DISABLED, can not continue 1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed" 1841098 - Failed to resolve package dependency while doing satellite upgrade. 
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned 1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist." 1841818 - icons missing on /pub download page 1842900 - ERROR! the role 'satellite-receptor' was not found in ... 1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/ 1843406 - In 6.8, Receptor installation playbook's inputs are visible again 1843561 - Report templates duplicated 1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #&lt;Safemode::ScopeObject&gt;" 1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8 1843926 - satellite-change-hostname fails when running nsupdate 1844142 - [RFE] Drop a subsription-manager fact with the satellite version 1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP 1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2 1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]' for nil:NilClass 1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1846254 - need to restart services after enabling leapp plugin 1846313 - Add index on locks for resource type and task id 1846317 - undefined method `klass' for nil:NilClass 1846421 - build pxe default do not work when more than 1 provider 1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8 1847019 - Empty applicability for non-modular repos 1847063 - Slow manifest import and/or refresh 1847407 - load_pools macro not in list of macros 1847645 - Allow override of Katello's DISTRIBUTOR_VERSION 1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. 
1847840 - Libvirt note link leads to 404 1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. 1848291 - Download kernel/initram for kexec asynchronously 1848535 - Unable to create a pure IPv6 host 1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8) 1848902 - ERF42-0258 [Foreman::Exception]: <uuid> is not valid, enter id or name 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms 1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule 1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names 1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead. 1849680 - Task progress decimal precision discrepancy between UI, CLI, and API 1849869 - Unable to recycle the dynflow executor 1850355 - Auth Source Role Filters are not working in Satellite 6.8 1850536 - Can't add RHEV with APIv3 through Hammer 1850914 - Checksum type "sha256" is not available for all units in the repository. 
Make sure those units have been downloaded 1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)" 1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates 1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9 1851167 - Autoattach -> "undefined" subscription added 1851176 - Subscriptions do not provide any repository sets 1851952 - "candlepin_events FAIL Not running" and wont restart 1852371 - Allow http proxy ports by default 1852723 - Broken link for documentation on installation media page 1852733 - Inventory upload documentation redirects to default location 1852735 - New version of the plugin is available: 2.0.8 1853076 - large capsule syncs cause slow processing of dynflow tasks/steps 1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided" 1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7 1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh 1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views 1853572 - Broken documentation link for 'RHV' in Compute Resource 1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode. 1854397 - Compliance reports are not being uploaded to satellite. 1854530 - PG::NotNullViolation when syncing hosts from cloud 1855008 - Host parameters are set after the host is created. 1855254 - Links to documentation broken in HTTP Proxies setup 1855348 - katello_applicability accidentally set to true at install 1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME' 1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. 
1856379 - Add missing VM creation tests 1856401 - [RFE] Add module to create HTTP Proxy 1856831 - New version of the plugin is available: 2.0.9 1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host 1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500 1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos 1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos 1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method <code>default_capsule' for Katello:Module" 1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError 1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. 1857726 - Warnings are shown during the satellite package installation on RHEL 7.9 1858237 - Upgraded Satellite has duplicated katello_pools indexes 1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user 1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite 1858855 - Creating compute resources on IPV6 network does not fail gracefully 1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf 1859194 - load_hosts macro duplicated in a list of macros 1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
1859705 - Tomcat is not running on fresh Capsule installation 1859929 - User can perform other manifest actions while the first one starts 1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass' 1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed 1860422 - Host with remediations can't be removed 1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'... 1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service 1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error. 1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8 1860587 - Documentation link in Administer -> About pointing to 6.6 document. 1860835 - Installed Packages not displayed on About page 1860957 - Unable to select an organization for sync management 1861367 - Import Template sync never completes 1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required 1861422 - Error encountered while handling the response, replying with an error message ('plugin_config') 1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. 1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request 1861766 - Add ability to list traces by host with hammer 1861807 - Cancel/Abort button should be disabled once REX job is finish 1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer 1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
1861890 - Recommended repos do not match Satellite version 1861970 - Content -> Product doesn't work when no organization is selected 1862135 - updating hosts policy using bulk action fails with sql error 1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. 1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6 1865871 - Obfuscated hosts do not have domain reported 1865872 - Templates doc - examples on onepage.html are not processed 1865874 - Add inventory status to host 1865876 - Make recommendations count in hosts index a link 1865879 - Add automatic scheduler for insights sync 1865880 - Add an explanation how to enable insights sync 1865928 - Templates documentation help page has hard-coded Satellite setting value 1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently 1866029 - Templates DSL documentation: Parts of description are put in <pre> tag 1866436 - host search filter does not work in job invocation page 1866461 - Run action is missing in job templates page 1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page 1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer 1866710 - Wrong API endpoint path referenced for resolving host traces 1867239 - hammer content-view version incremental-update fails with ISE 1867287 - Error Row was updated or deleted by another transaction when deleting docker repository 1867311 - Upgrade fails when checkpoint_segments postgres parameter configured 1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite 1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank" 1868183 - Unable to change virt-who hypervisor location. 
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf 1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation. 1869812 - Tasks fail to complete under load 1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow 1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found) 1871434 - theme css ".container" class rule is too generic 1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. 1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout 1871978 - Bug in provisioning_template Module 1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console" 1872041 - Host search returns incorrect result 1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result 1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover 1874143 - Red Hat Inventory Uploads does not use proxy 1874160 - Changing Content View of a Content Host needs to better inform the user around client needs 1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file 1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts) 1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow 1874176 - Unable to search by value of certain Hostgroup parameter 1874422 - Hits Sync uses only old proxy setting 1874619 - Hostgroup tag is never reported in slice 1875357 - After upgrade server response check failed for candlepin. 
1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url` 1875660 - Reporting Template macros host_cores is not working as expected 1875667 - Audit page list incorrect search filter 1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only 1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding 1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries 1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv 1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv 1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv 1878194 - In Capsule upgrade, "yum update" dump some error messages. 1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled 1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections 1878850 - creating host from hg doesn't resolves the user-data template 1879151 - Remote execution status not updating with large number of hosts 1879448 - Add hits details to host details page 1879451 - Stop uploading if Satellite's setting is disconnected 1879453 - Add plugin version to report metadata 1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP 1880637 - [6.8] satellite-installer always runs upgrade steps 1881066 - Safemode doesn't allow to access 'host_cores' on #<Safemode::ScopeObject> 1881078 - Use Passenger instead of Puma as the Foreman application server 1881988 - [RFE] IPv6 support for Satellite 6.8 1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}'' 1882389 - Search query in 
template for LEAPP upgrade should be pre-filled when running from pre-upgrade results 1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)" 1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available" 1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals 1887489 - Insights rules can't be loaded on freshly installed Satellite system 1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Satellite Capsule 6.8:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm 
pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm 
rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm 
tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm 
foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm 
python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm 
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm 
pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm 
tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>Red Hat Satellite 6.7:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm 
puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm 
python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm 
tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm 
tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm 
tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm 
tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm 
tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm 
tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm 
katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm 
python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm 
rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm 
tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm 
tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm 
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm 
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm 
libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm 
python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm 
tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)</p> </li> <li> <p>dom4j (CVE-2018-1000632)</p> </li> <li> <p>elasticsearch (CVE-2018-3831)</p> </li> <li> <p>pdfbox (CVE-2018-11797)</p> </li> <li> <p>vertx (CVE-2018-12541)</p> </li> <li> <p>spring-data-jpa (CVE-2019-3797)</p> </li> <li> <p>mina-core (CVE-2019-0231)</p> </li> <li> <p>jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)</p> </li> <li> <p>jackson-mapper-asl (CVE-2019-10172)</p> </li> <li> <p>hawtio (CVE-2019-9827)</p> </li> <li> <p>undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)</p> </li> <li> <p>santuario (CVE-2019-12400)</p> </li> <li> <p>apache-commons-beanutils (CVE-2019-10086)</p> </li> <li> <p>cxf (CVE-2019-17573)</p> </li> <li> <p>apache-commons-configuration (CVE-2020-1953)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:</p> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code 
from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1798524 - CVE-2019-20444 netty: HTTP request smuggling 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202006-1824" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202006-1824"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202006-1824">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, 
"external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1824", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ucosminexus application server", "scope": null, "trust": 1.6, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus service platform", "scope": null, "trust": 1.6, "vendor": "\u65e5\u7acb", "version": null }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "7.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": 
"communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.5" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus application server-r", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "hitachi ops center common services", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus developer", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006820" }, { "db": "NVD", "id": "CVE-2020-14061" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.5", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-14061" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-995" } ], "trust": 1.0 }, "cve": "CVE-2020-14061", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-14061", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-166902", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", 
"attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-14061", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-14061", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202006-995", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-166902", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-14061", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-166902" }, { "db": "VULMON", "id": "CVE-2020-14061" }, { "db": "JVNDB", "id": "JVNDB-2020-006820" }, { "db": "CNNVD", "id": "CNNVD-202006-995" }, { "db": "NVD", "id": "CVE-2020-14061" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). FasterXML jackson-databind contains an untrusted data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. 
A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.5. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. 
A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: 
directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. 
\n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http 
request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. 
\n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
\n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. 
\n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
\n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
\n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 
\n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t 
generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. 
\n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. 
\n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should 
not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. 
\n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. 
\n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). 
\n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
\n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. 
\n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s 
DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. 
Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. 
\n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
\n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
\n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. 
\n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After 
upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. 
\n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. 
Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\
npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.s
rc.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dh
cp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\np
ulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.n
oarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7s
at.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sa
t.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridf
s-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1
.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.
0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql
12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0
.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\nt
fm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_c
li_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntf
m-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sa
t.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat
.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-col
lection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarc
h.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npytho
n2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7s
at.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7s
at.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\nt
fm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.r
pm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_az
ure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer
-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_prox
y_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\n
livecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-de
vel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg
-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. 
\n\nSecurity Fix(es):\n\n* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)\n\n* dom4j (CVE-2018-1000632)\n\n* elasticsearch (CVE-2018-3831)\n\n* pdfbox (CVE-2018-11797)\n\n* vertx (CVE-2018-12541)\n\n* spring-data-jpa (CVE-2019-3797)\n\n* mina-core (CVE-2019-0231)\n\n* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540\nCVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943\nCVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619\nCVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)\n\n* jackson-mapper-asl (CVE-2019-10172)\n\n* hawtio (CVE-2019-9827)\n\n* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)\n\n* santuario (CVE-2019-12400)\n\n* apache-commons-beanutils (CVE-2019-10086)\n\n* cxf (CVE-2019-17573)\n\n* apache-commons-configuration (CVE-2020-1953)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. \n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads 
XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1798524 - CVE-2019-20444 netty: HTTP request smuggling\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in 
org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-14061" }, { "db": "JVNDB", "id": "JVNDB-2020-006820" }, { "db": "VULHUB", "id": "VHN-166902" }, { "db": "VULMON", "id": "CVE-2020-14061" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-14061", "trust": 3.8 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95897514", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-006820", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202006-995", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2280", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", 
"id": "ESB-2020.2619", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48648", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-166902", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-14061", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-166902" }, { "db": "VULMON", "id": "CVE-2020-14061" }, { "db": "JVNDB", "id": "JVNDB-2020-006820" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-995" }, { "db": "NVD", "id": "CVE-2020-14061" } ] }, "id": "VAR-202006-1824", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-166902" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:14:56.331000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2021-109", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2698" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122481" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-125" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-14061" }, { "db": "JVNDB", "id": "JVNDB-2020-006820" }, { "db": "CNNVD", "id": "CNNVD-202006-995" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-166902" }, { "db": "JVNDB", "id": 
"JVNDB-2020-006820" }, { "db": "NVD", "id": "CVE-2020-14061" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200702-0003/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2698" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html" }, { "trust": 1.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95897514/index.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2280/" }, { "trust": 0.6, "url": 
"https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-weblogic-oracle-aqjms-32686" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48648" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affects-ibm-operations-analytics-predictive-insights-cve-2019-14060-cve-2019-14661-cve-2019-14662/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": 
"https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.3, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:4366" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" 
}, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-125/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751" }, { "trust": 
0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5216" }, { 
"trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" } ], "sources": [ { "db": "VULHUB", "id": "VHN-166902" }, { "db": "VULMON", "id": "CVE-2020-14061" }, { "db": "JVNDB", "id": "JVNDB-2020-006820" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-995" }, { "db": "NVD", "id": "CVE-2020-14061" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-166902" }, { "db": "VULMON", "id": "CVE-2020-14061" }, { "db": "JVNDB", "id": "JVNDB-2020-006820" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-995" }, { "db": "NVD", "id": "CVE-2020-14061" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-14T00:00:00", "db": "VULHUB", "id": "VHN-166902" }, { "date": "2020-06-14T00:00:00", "db": "VULMON", "id": "CVE-2020-14061" }, { "date": "2020-07-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006820" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-10-27T16:58:42", "db": "PACKETSTORM", "id": "159724" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-06-14T00:00:00", "db": "CNNVD", "id": 
"CNNVD-202006-995" }, { "date": "2020-06-14T20:15:10.027000", "db": "NVD", "id": "CVE-2020-14061" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-17T00:00:00", "db": "VULHUB", "id": "VHN-166902" }, { "date": "2021-11-17T00:00:00", "db": "VULMON", "id": "CVE-2020-14061" }, { "date": "2024-07-22T06:06:00", "db": "JVNDB", "id": "JVNDB-2020-006820" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-995" }, { "date": "2023-11-07T03:17:05.860000", "db": "NVD", "id": "CVE-2020-14061" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159724" }, { "db": "CNNVD", "id": "CNNVD-202006-995" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006820" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-995" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202101-1934">var-202101-1934</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 
mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request 
forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red 
Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202101-1934" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202101-1934"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202101-1934">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1934", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, 
{ "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.3" 
}, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter signaling route", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications diameter signaling route", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, 
"vendor": "oracle", "version": "8.2.0.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": 
"oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015592" }, { "db": "NVD", "id": "CVE-2020-36188" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", 
"versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36188" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202101-355" } ], "trust": 0.8 }, "cve": "CVE-2020-36188", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36188", 
"impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381455", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-36188", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36188", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-355", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381455", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36188", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { 
"db": "VULHUB", "id": "VHN-381455" }, { "db": "VULMON", "id": "CVE-2020-36188" }, { "db": "JVNDB", "id": "JVNDB-2020-015592" }, { "db": "NVD", "id": "CVE-2020-36188" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-355" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and service may be disrupted (DoS). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. 
See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-36188" }, { "db": "JVNDB", "id": "JVNDB-2020-015592" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-381455" }, { "db": "VULMON", "id": "CVE-2020-36188" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36188", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015592", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-355", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381455", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36188", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381455" }, { "db": "VULMON", "id": "CVE-2020-36188" }, { "db": "JVNDB", "id": "JVNDB-2020-015592" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": 
"NVD", "id": "CVE-2020-36188" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-355" } ] }, "id": "VAR-202101-1934", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381455" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:50:48.440000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTAP-20210205-0005", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " }, { "title": "PoC", "trust": 0.1, "url": "https://github.com/jonathan-elias/poc " }, { "title": "PoC-in-GitHub", "trust": 0.1, "url": "https://github.com/developer3000s/poc-in-github " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36188" }, { "db": "JVNDB", "id": "JVNDB-2020-015592" } ] }, "problemtype_data": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381455" }, { "db": "JVNDB", "id": "JVNDB-2020-015592" }, { "db": "NVD", "id": "CVE-2020-36188" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "trust": 1.8, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2996" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, 
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6455267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { 
"trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 
0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": 
"https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/al1ex/al1ex" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381455" }, { "db": "VULMON", "id": "CVE-2020-36188" }, { "db": "JVNDB", "id": "JVNDB-2020-015592" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36188" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-355" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381455" }, 
{ "db": "VULMON", "id": "CVE-2020-36188" }, { "db": "JVNDB", "id": "JVNDB-2020-015592" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36188" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-355" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-06T00:00:00", "db": "VULHUB", "id": "VHN-381455" }, { "date": "2021-01-06T00:00:00", "db": "VULMON", "id": "CVE-2020-36188" }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015592" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-01-06T23:15:13.233000", "db": "NVD", "id": "CVE-2020-36188" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-355" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-02T00:00:00", "db": "VULHUB", "id": "VHN-381455" }, { "date": "2022-09-02T00:00:00", "db": "VULMON", "id": "CVE-2020-36188" }, { "date": "2021-10-06T01:05:00", "db": "JVNDB", "id": "JVNDB-2020-015592" }, { "date": "2023-09-13T14:57:31.733000", "db": "NVD", "id": "CVE-2020-36188" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-355" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-355" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015592" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1786">var-202003-1786</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements. Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. 
It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes</p> <ol> <li>Description:</li> </ol> <p>Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. </p> <p>This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:</p> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. Back up your existing Data Grid installation. 
You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 
jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender</p> <ol> <li>The purpose of this text-only errata is to inform you about the security issues fixed in this release. </li> </ol> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 
1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:1523-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:1523 Issue date: 2020-04-21 Cross references: 1822587 1822174 1822932 1822937 1822927 CVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)</p> </li> <li> <p>jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg LahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB N5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp dfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J 998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT 22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK +vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv yNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0 x38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m g6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J PdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt 8yoMyLl6FBM= =n1if -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1786" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202003-1786"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1786">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1786", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, 
"data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "primavera 
unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "8.0.6" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 
1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { 
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, 
{ "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11112" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": 
"PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" } ], "trust": 1.3 }, "cve": "CVE-2020-11112", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003616", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163658", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-11112", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003616", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-11112", "trust": 1.0, "value": "HIGH" }, { "author": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-11112", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-003616", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202003-1736", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163658", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-11112", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163658" }, { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "db": "NVD", "id": "CVE-2020-11112" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides the data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. 
It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. Back up your existing Data Grid installation. 
You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - 
CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 
\n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:1523-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1523\nIssue date: 2020-04-21\nCross references: 1822587 1822174 1822932 1822937 1822927\nCVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 \n CVE-2020-11112 CVE-2020-11113 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. 
\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg\nLahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB\nN5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp\ndfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J\n998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT\n22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK\n+vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv\nyNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0\nx38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m\ng6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J\nPdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt\n8yoMyLl6FBM=\n=n1if\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "VULHUB", "id": "VHN-163658" }, { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-11112", "trust": 3.3 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "160601", "trust": 
0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-003616", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-1736", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157322", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1399", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4471", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1368", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1882", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48043", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2020-21475", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163658", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-11112", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157859", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163658" }, { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "id": "VAR-202003-1786", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163658" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:00:14.087000Z", "patch": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block one more gadget type (apache/commons-proxy, CVE-2020-11112) #2666", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2666" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115370" }, { "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205625 - security advisory" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201523 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163658" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html" }, { "trust": 1.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2666" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11112" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": 
"https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1882/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4471/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-apache-commons-proxy-rmiprovider-serialization-gadgets-typing-32064" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": 
"http://www.nsfocus.net/vulndb/48043" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1399/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.4, "url": 
"https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:5625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2020:1414" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2020:2333" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1732" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": 
"https://access.redhat.com/articles/11258" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163658" }, { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163658" }, { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-31T00:00:00", "db": "VULHUB", "id": "VHN-163658" }, { "date": "2020-03-31T00:00:00", "db": "VULMON", "id": "CVE-2020-11112" }, { "date": "2020-04-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-12-17T18:09:37", "db": "PACKETSTORM", "id": "160601" }, { "date": "2020-05-28T16:22:46", "db": "PACKETSTORM", "id": "157859" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-09-17T14:07:40", "db": "PACKETSTORM", "id": "159208" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": 
"158636" }, { "date": "2020-04-21T14:19:58", "db": "PACKETSTORM", "id": "157322" }, { "date": "2020-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "date": "2020-03-31T05:15:13.070000", "db": "NVD", "id": "CVE-2020-11112" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-10T00:00:00", "db": "VULHUB", "id": "VHN-163658" }, { "date": "2021-12-10T00:00:00", "db": "VULMON", "id": "CVE-2020-11112" }, { "date": "2020-04-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "date": "2024-07-03T01:36:11.610000", "db": "NVD", "id": "CVE-2020-11112" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1736" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003616" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1736" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202101-1933">var-202101-1933</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" 
target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. In practice this means the named class can be instantiated as a gadget when polymorphic type handling is applied to untrusted JSON and that class is on the classpath. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. 
</p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: 
exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 
https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202101-1933" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> 
<div class="collapse" id="collapseJsonvar-202101-1933"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202101-1933">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1933", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.4" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, { 
"model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": 
"11.3.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter signaling route", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0.0" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications diameter signaling route", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": 
"11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications cloud native core unified data repository", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": 
"banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002835" }, { "db": "NVD", "id": "CVE-2020-36179" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true 
}, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true 
}, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6.7.5", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.7.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36179" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202101-327" } ], "trust": 0.8 }, "cve": "CVE-2020-36179", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": 
"NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36179", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381446", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, 
"id": "CVE-2020-36179", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36179", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-327", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381446", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36179", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-381446" }, { "db": "VULMON", "id": "CVE-2020-36179" }, { "db": "JVNDB", "id": "JVNDB-2021-002835" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-327" }, { "db": "NVD", "id": "CVE-2020-36179" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. 
See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-36179" }, { "db": "JVNDB", "id": "JVNDB-2021-002835" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-381446" }, { "db": "VULMON", "id": "CVE-2020-36179" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36179", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002835", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-327", "trust": 0.6 }, { "db": "SEEBUG", "id": "SSVID-99105", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-381446", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36179", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381446" }, { "db": "VULMON", "id": "CVE-2020-36179" }, { "db": "JVNDB", "id": "JVNDB-2021-002835" }, { "db": "PACKETSTORM", "id": "162350" 
}, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-327" }, { "db": "NVD", "id": "CVE-2020-36179" } ] }, "id": "VAR-202101-1933", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381446" } ], "trust": 0.01 }, "last_update_date": "2024-02-19T23:19:28.257000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTAP-20210205-0005", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138934" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "https://github.com/Al1ex/CVE-2020-36179", "trust": 0.1, "url": "https://github.com/al1ex/cve-2020-36179 " }, { "title": "https://github.com/Al1ex/Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36179" }, { "db": "JVNDB", "id": "JVNDB-2021-002835" }, { "db": "CNNVD", "id": "CNNVD-202101-327" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": 
"VULHUB", "id": "VHN-381446" }, { "db": "JVNDB", "id": "JVNDB-2021-002835" }, { "db": "NVD", "id": "CVE-2020-36179" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "trust": 1.7, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.7, "url": "https://github.com/fasterxml/jackson-databind/issues/3004" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3cissues.spark.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3cissues.spark.apache.org%3e" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6455267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381446" }, { "db": "JVNDB", "id": "JVNDB-2021-002835" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-327" }, { "db": "NVD", "id": "CVE-2020-36179" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": 
"VHN-381446" }, { "db": "VULMON", "id": "CVE-2020-36179" }, { "db": "JVNDB", "id": "JVNDB-2021-002835" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-327" }, { "db": "NVD", "id": "CVE-2020-36179" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-07T00:00:00", "db": "VULHUB", "id": "VHN-381446" }, { "date": "2021-01-07T00:00:00", "db": "VULMON", "id": "CVE-2020-36179" }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002835" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-327" }, { "date": "2021-01-07T00:15:14.850000", "db": "NVD", "id": "CVE-2020-36179" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-02T00:00:00", "db": "VULHUB", "id": "VHN-381446" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-36179" }, { "date": "2021-10-06T01:05:00", "db": "JVNDB", "id": "JVNDB-2021-002835" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-327" }, { "date": "2023-11-07T03:22:06.623000", "db": "NVD", "id": "CVE-2020-36179" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-327" } ], "trust": 0.6 }, "title": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002835" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201903-0926">var-201903-0926</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.x prior to 2.8.11.2, and 2.9.x prior to 2.9.6. When all of the following hold — Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service for the service to access — it is possible to make the service execute a malicious payload. FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides the data-binding function. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service within the context of the affected application. Description:</p> <p>Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. 
See the download link given in the references section below. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:</p> <p>Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>For the stable distribution (stretch), these problems have been fixed in version 2.8.6-1+deb9u5. </p> <p>We recommend that you upgrade your jackson-databind packages. </p> <p>For the detailed security status of jackson-databind please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jackson-databind</p> <p>Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/</p> <p>Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----</p> <p>iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzoWnMACgkQEMKTtsN8 TjYKuA//TDDdI43NQ1mLh+bu0jrQOHZf8QLv/68kHpHe0kMAc92kSkK/k8GojxxZ u2BmBM8sYp7XzRN1wGfuh04BDnA6t9NdWl5VG/jaL2npubV6GeKa3b1trEol0WRw WJmwDkrp946XchxJZJyEU9QICaMBU4seDjq2nhSEzJhBiS6dHxh1PkCqpA0xL1iH yN/ZmSWbgIeZIbFMUiV6SghbXpEEAQjBVzeo7tbWddzDMV7atQdErpfOLoeAiWY3 6ER/AQqulMVaC3odGglzU2OksDfeRN4TIAVKhv7t0Jb6hJkJU3a5TJOe/jvWuNna b3+psiLU1LHHwlWZuUAbiFx6HZkLj0kxHH1IR9Om42MJ++lCZA78JbxwgfW9JsOH xbo+334isNCM6P7sdyvxabqwCSWbUFb+6eUR6Hqe9HaTrhWZPln3VL/pwszT7HSA 
Ut6RRIUcHu0BdMZZv08dO015j5Gk/a314BAvUQyRejYmM6WNQwwOkNHGp5I66VhA S284hCKozpttwG3ogDjbzwvCcmzUr757cgn4ACC6nXjfVnxz/u/WeMEAJfoYFPW8 +MKh7SkB1wADYBjgDt/HAG2e1A5GOjrtNO92x0GQ62iIs53iRvct6WmEJr4eQ/7T n3frp2khA85wvPhz3oj07KMxrnF4yBtrR6TO+eVkZAMp/COnosA= =PkmH -----END PGP SIGNATURE----- . (CVE-2019-12086)</p> <ul> <li>jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814)</li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:</p> <p>For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.18, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html</p> <ol> <li>1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2019:0782-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:0782 Issue date: 2019-04-17 CVE Names: CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 ==================================================================== 1. Summary:</p> <p>An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. 
</p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. </p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)</p> </li> <li> <p>jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)</p> </li> <li> <p>jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)</p> </li> <li> <p>jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)</p> </li> <li> <p>jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)</p> </li> <li> <p>jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)</p> </li> <li> <p>jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)</p> </li> <li> <p>jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)</p> </li> <li> <p>jackson-databind: exfiltration/XXE in some JDK classes 
(CVE-2018-14720)</p> </li> <li> <p>jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library 1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-11307 https://access.redhat.com/security/cve/CVE-2018-12022 https://access.redhat.com/security/cve/CVE-2018-12023 https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXLeUUdzjgjWX9erEAQjCgRAAiPsyahv9+018QOC0Og4f3PqS1+72/9EZ psiznlC4rHBBZNVTTDl3l+etFPn4lup/2vqYARJiymeDcsha8EhLda/uoLQ3h7ir zRnD98RYvSkS37Htu/FrzqVMF+5CglTqwi7HX1fLx1+Lj1S3HHGQ6/gSPf5ip2tI bV21UFQ4GlCqw/FANp5QSSAfX6GFQUb1Vx2Y3j8sgdFtcyMUepaZ+ZY+Hoc//Y5U NN8fx90BrRAF7j77phv6IcuQUxmn9ieV2pMcKTRSdtEVnd2c76zFnqusJ7hglj5w a2ULXjiBuQYipac7Hi3Zy6LRX+8cw367ryqHqJCW48VxEFZxTWkuzD58CZfIdos0 H5sgwgnymZiPgNp8XY2GTBoc39eqggW3WDe5VGorHEqAIk46dClsasjjCtUOSVTj Uawqnh9hbbzUnRakR0Q/yVuXIXzi9W4O3aP6zGEEsO6C4Y96Gp7LWuZRY9JWjtyL MTDJC/j2CAcASautmWn4fP8ar/wjTxCw5zpn8paHc1imZgTFiyw1lwH/y0FJOG9e JXIiWRzN6VD5e7xj46ehU/Z9T97XTgKwpYd/zvdT/Tm3EtfaIGk6rGMtuDHgk862 I29yBVnw8gZWJ8D1vUOcykDuJ/rcU/vbdAXIxjzK8rbXk3RVduRZSOroQJQ03gk+ zJxa94RMC2MbuE -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 
Description:</p> <p>Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. </p> <p>This release of Red Hat Data Grid 7.3.2 serves as a replacement for Red Hat Data Grid 7.3.1 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:</p> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.2 server patch from the customer portal. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.2 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect</li> </ol></p> <a href="https://www.variotdbs.pl/vuln/VAR-201903-0926" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201903-0926"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201903-0926">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": 
"https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0926", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "jboss brms", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.4.10" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "automation manager", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3.1" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": 
"fasterxml", "version": "2.9.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.11.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.9.4" }, { "model": "openshift container platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.11" }, { "model": "single sign-on", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "decision manager", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2018-12023" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.9.4", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.11.2", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.6", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_brms:6.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:automation_manager:7.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:decision_manager:7.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-12023" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "154505" }, { "db": "PACKETSTORM", "id": "155352" }, { "db": "PACKETSTORM", "id": "152620" }, { "db": "PACKETSTORM", "id": "153724" }, { "db": "PACKETSTORM", "id": "154649" }, { "db": "PACKETSTORM", "id": "152558" }, { "db": "PACKETSTORM", "id": "155516" } ], "trust": 0.7 }, "cve": "CVE-2018-12023", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "VHN-121941", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "CVE-2018-12023", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", 
"baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-12023", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201901-723", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-121941", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-12023", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-121941" }, { "db": "VULMON", "id": "CVE-2018-12023" }, { "db": "CNNVD", "id": "CNNVD-201901-723" }, { "db": "NVD", "id": "CVE-2018-12023" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service within the context of the affected application. Description:\n\nRed Hat Fuse provides a small-footprint, flexible, open source enterprise\nservice bus and integration platform. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. 
It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.8.6-1+deb9u5. \n\nWe recommend that you upgrade your jackson-databind packages. 
\n\nFor the detailed security status of jackson-databind please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/jackson-databind\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzoWnMACgkQEMKTtsN8\nTjYKuA//TDDdI43NQ1mLh+bu0jrQOHZf8QLv/68kHpHe0kMAc92kSkK/k8GojxxZ\nu2BmBM8sYp7XzRN1wGfuh04BDnA6t9NdWl5VG/jaL2npubV6GeKa3b1trEol0WRw\nWJmwDkrp946XchxJZJyEU9QICaMBU4seDjq2nhSEzJhBiS6dHxh1PkCqpA0xL1iH\nyN/ZmSWbgIeZIbFMUiV6SghbXpEEAQjBVzeo7tbWddzDMV7atQdErpfOLoeAiWY3\n6ER/AQqulMVaC3odGglzU2OksDfeRN4TIAVKhv7t0Jb6hJkJU3a5TJOe/jvWuNna\nb3+psiLU1LHHwlWZuUAbiFx6HZkLj0kxHH1IR9Om42MJ++lCZA78JbxwgfW9JsOH\nxbo+334isNCM6P7sdyvxabqwCSWbUFb+6eUR6Hqe9HaTrhWZPln3VL/pwszT7HSA\nUt6RRIUcHu0BdMZZv08dO015j5Gk/a314BAvUQyRejYmM6WNQwwOkNHGp5I66VhA\nS284hCKozpttwG3ogDjbzwvCcmzUr757cgn4ACC6nXjfVnxz/u/WeMEAJfoYFPW8\n+MKh7SkB1wADYBjgDt/HAG2e1A5GOjrtNO92x0GQ62iIs53iRvct6WmEJr4eQ/7T\nn3frp2khA85wvPhz3oj07KMxrnF4yBtrR6TO+eVkZAMp/COnosA=\n=PkmH\n-----END PGP SIGNATURE-----\n. (CVE-2019-12086)\n\n* jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server via crafted JSON message. \n(CVE-2019-12814)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.18, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel\nease-notes.html\n\n4. 
\n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2019:0782-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0782\nIssue date: 2019-04-17\nCVE Names: CVE-2018-11307 CVE-2018-12022 CVE-2018-12023\n CVE-2018-14718 CVE-2018-14719 CVE-2018-14720\n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361\n CVE-2018-19362\n====================================================================\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. 
\n\nSecurity Fix(es):\n\n* jackson-databind: Potential information exfiltration with default typing,\nserialization gadget from MyBatis (CVE-2018-11307)\n\n* jackson-databind: improper polymorphic deserialization of types from\nJodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from\nOracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class\n(CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and\nblaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in\naxis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class\n(CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in\njboss-common-core class (CVE-2018-19362)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n(CVE-2018-14721)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver\n1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library\n1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.5):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.5.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.5.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-11307\nhttps://access.redhat.com/security/cve/CVE-2018-12022\nhttps://access.redhat.com/security/cve/CVE-2018-12023\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXLeUUdzjgjWX9erEAQjCgRAAiPsyahv9+018QOC0Og4f3PqS1+72/9EZ\npsiznlC4rHBBZNVTTDl3l+etFPn4lup/2vqYARJiymeDcsha8EhLda/uoLQ3h7ir\nzRnD98RYvSkS37Htu/FrzqVMF+5CglTqwi7HX1fLx1+Lj1S3HHGQ6/gSPf5ip2tI\nbV21UFQ4GlCqw/FANp5QSSAfX6GFQUb1Vx2Y3j8sgdFtcyMUepaZ+ZY+Hoc//Y5U\nNN8fx90BrRAF7j77phv6IcuQUxmn9ieV2pMcKTRSdtEVnd2c76zFnqusJ7hglj5w\na2ULXjiBuQYipac7Hi3Zy6LRX+8cw367ryqHqJCW48VxEFZxTWkuzD58CZfIdos0\nH5sgwgnymZiPgNp8XY2GTBoc39eqggW3WDe5VGorHEqAIk46dClsasjjCtUOSVTj\nUawqnh9hbbzUnRakR0Q/yVuXIXzi9W4O3aP6zGEEsO6C4Y96Gp7LWuZRY9JWjtyL\nMTDJC/j2CAcASautmWn4fP8ar/wjTxCw5zpn8paHc1imZgTFiyw1lwH/y0FJOG9e\nJXIiWRzN6VD5e7xj46ehU/Z9T97XTgKwpYd/zvdT/Tm3EtfaIGk6rGMtuDHgk862\nI29yBVnw8gZWJ8D1vUOcykDuJ/rcU/vbdAXIxjzK8rbXk3RVduRZSOroQJQ03gk+\nzJxa94RMC2MbuE\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.2 serves as a replacement for Red Hat\nData Grid 7.3.1 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.2 server patch from the customer portal. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.2 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. 
Restart Data Grid to ensure the changes take effect", "sources": [ { "db": "NVD", "id": "CVE-2018-12023" }, { "db": "VULHUB", "id": "VHN-121941" }, { "db": "VULMON", "id": "CVE-2018-12023" }, { "db": "PACKETSTORM", "id": "154505" }, { "db": "PACKETSTORM", "id": "155352" }, { "db": "PACKETSTORM", "id": "152620" }, { "db": "PACKETSTORM", "id": "153724" }, { "db": "PACKETSTORM", "id": "153090" }, { "db": "PACKETSTORM", "id": "154649" }, { "db": "PACKETSTORM", "id": "152558" }, { "db": "PACKETSTORM", "id": "155516" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-12023", "trust": 2.6 }, { "db": "BID", "id": "105659", "trust": 1.8 }, { "db": "CNNVD", "id": "CNNVD-201901-723", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "155352", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "152620", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "152558", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "155516", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1350", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4332", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4254", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0674", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4532", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-121941", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-12023", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154505", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "153724", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "153090", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154649", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-121941" }, { "db": "VULMON", "id": "CVE-2018-12023" }, { "db": "PACKETSTORM", "id": "154505" }, { "db": "PACKETSTORM", "id": "155352" }, { "db": "PACKETSTORM", "id": "152620" 
}, { "db": "PACKETSTORM", "id": "153724" }, { "db": "PACKETSTORM", "id": "153090" }, { "db": "PACKETSTORM", "id": "154649" }, { "db": "PACKETSTORM", "id": "152558" }, { "db": "PACKETSTORM", "id": "155516" }, { "db": "CNNVD", "id": "CNNVD-201901-723" }, { "db": "NVD", "id": "CVE-2018-12023" } ] }, "id": "VAR-201903-0926", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-121941" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:57:59.201000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FasterXML Jackson-databind Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88845" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191108 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191107 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss BPM Suite 6.4.12 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191797 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191106 - security advisory" }, { "title": "Red Hat: Important: Red 
Hat FIS 2.0 on Fuse 6.3.0 R13 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193002 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191140 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss BRMS 6.4.12 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191782 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R13 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192804 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.4.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191823 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.4.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191822 - security advisory" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190782 - security advisory" }, { "title": "Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security \u0026 bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190877 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194037 - security advisory" }, { "title": 
"Red Hat: Important: Red Hat JBoss Data Virtualization 6.4.8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193140 - security advisory" }, { "title": "Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192858 - security advisory" }, { "title": "Debian Security Advisories: DSA-4452-1 jackson-databind -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a4042e15eece2d982640f9a553bd3505" }, { "title": "Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193149 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.5.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193892 - security advisory" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385" }, { "title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a" }, { "title": "cybsec", "trust": 0.1, "url": "https://github.com/ilmari666/cybsec " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-12023" }, { "db": "CNNVD", "id": "CNNVD-201901-723" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-121941" }, { "db": "NVD", "id": "CVE-2018-12023" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://www.securityfocus.com/bid/105659" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:0782" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:3892" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:4037" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:0877" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:1823" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2804" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2858" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2019/may/68" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190530-0003/" }, { 
"trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 1.8, "url": "https://www.debian.org/security/2019/dsa-4452" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2058" }, { "trust": 1.8, "url": "https://www.blackhat.com/docs/us-16/materials/us-16-munoz-a-journey-from-jndi-ldap-manipulation-to-rce.pdf" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhba-2019:0959" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:1106" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:1107" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:1108" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:1140" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:1782" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:1797" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:1822" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:3002" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:3140" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:3149" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023" }, { "trust": 1.1, "url": 
"https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3cissues.lucene.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zedlduybstdy4gwdbuxgjns2rfytfvrc/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zedlduybstdy4gwdbuxgjns2rfytfvrc/" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3cissues.lucene.apache.org%3e" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-12023" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-12022" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-11307" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.6, "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152558/red-hat-security-advisory-2019-0782-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152620/red-hat-security-advisory-2019-0877-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76470" }, 
{ "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/79390" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4532/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4254/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4332/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/155516/red-hat-security-advisory-2019-4037-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-oracle-jdbc-driver-deserialization-28553" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-third-party-vulnerable-library-jackson-databind-affects-ibm-engineering-lifecycle-optimization-publishing/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15095" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10173" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17485" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-17485" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-15095" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60029" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/ilmari666/cybsec" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=6.3" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10899" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10899" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker\u0026downloadtype=securitypatches\u0026version=6.3.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11796" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0204" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8034" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000850" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.5.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8009" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8034" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2018-11775" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1131" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1131" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14860" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0201" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8009" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10894" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.thorntail\u0026version=2.4.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1114" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10894" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10862" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10912" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10862" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1114" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10912" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/rhoar_thorntail_release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1067" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.4/html/release_notes_for_red_hat_process_automation_manager_7.4/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.4.0" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/jackson-databind" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7525" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-7489" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5968" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10237" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7489" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5968" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-12384" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/softwaredetail.html?softwareid=70381\u0026product=data.grid\u0026version=7.3\u0026downloadtype=patches" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10158" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10158" } ], "sources": [ { "db": "VULHUB", "id": "VHN-121941" }, { "db": "VULMON", "id": "CVE-2018-12023" }, { "db": "PACKETSTORM", "id": "154505" }, { "db": "PACKETSTORM", "id": "155352" }, { "db": "PACKETSTORM", "id": "152620" }, { "db": "PACKETSTORM", "id": "153724" }, { "db": "PACKETSTORM", "id": "153090" }, { "db": "PACKETSTORM", "id": "154649" }, { "db": "PACKETSTORM", "id": "152558" }, { "db": "PACKETSTORM", "id": "155516" }, { "db": "CNNVD", "id": "CNNVD-201901-723" }, { "db": "NVD", "id": "CVE-2018-12023" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-121941" }, { "db": "VULMON", "id": "CVE-2018-12023" }, { "db": "PACKETSTORM", "id": "154505" }, { "db": "PACKETSTORM", "id": "155352" }, { "db": "PACKETSTORM", "id": "152620" }, { "db": "PACKETSTORM", "id": "153724" }, { "db": "PACKETSTORM", "id": "153090" }, { "db": "PACKETSTORM", "id": "154649" }, { "db": "PACKETSTORM", "id": "152558" }, { "db": "PACKETSTORM", "id": "155516" }, { "db": 
"CNNVD", "id": "CNNVD-201901-723" }, { "db": "NVD", "id": "CVE-2018-12023" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-21T00:00:00", "db": "VULHUB", "id": "VHN-121941" }, { "date": "2019-03-21T00:00:00", "db": "VULMON", "id": "CVE-2018-12023" }, { "date": "2019-09-17T16:47:39", "db": "PACKETSTORM", "id": "154505" }, { "date": "2019-11-15T16:16:10", "db": "PACKETSTORM", "id": "155352" }, { "date": "2019-04-24T23:47:05", "db": "PACKETSTORM", "id": "152620" }, { "date": "2019-07-23T18:44:44", "db": "PACKETSTORM", "id": "153724" }, { "date": "2019-05-24T18:02:22", "db": "PACKETSTORM", "id": "153090" }, { "date": "2019-09-28T11:11:11", "db": "PACKETSTORM", "id": "154649" }, { "date": "2019-04-17T23:19:43", "db": "PACKETSTORM", "id": "152558" }, { "date": "2019-12-02T19:18:36", "db": "PACKETSTORM", "id": "155516" }, { "date": "2019-01-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-723" }, { "date": "2019-03-21T16:00:12.407000", "db": "NVD", "id": "CVE-2018-12023" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-20T00:00:00", "db": "VULHUB", "id": "VHN-121941" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-12023" }, { "date": "2021-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-723" }, { "date": "2023-11-07T02:52:00.913000", "db": "NVD", "id": "CVE-2018-12023" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-723" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-723" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "155352" }, { "db": "PACKETSTORM", "id": "152620" }, { "db": "PACKETSTORM", "id": "153724" }, { "db": "PACKETSTORM", "id": "154649" }, { "db": "PACKETSTORM", "id": "152558" }, { "db": "PACKETSTORM", "id": "155516" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202101-1931">var-202101-1931</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. 
See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 
References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202101-1931" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> <div class="btn-group" role="group"> <a role="button" class="btn btn-primary" data-bs-toggle="collapse" data-bs-target="#collapseJsonvar-202101-1931" aria-expanded="false" aria-controls="collapseJsonvar-202101-1931"> JSON <svg class="bi" width="1em" height="1em" fill="currentColor"> <use xlink:href="/bootstrap/static/icons/bootstrap-icons.svg#chevron-down"/> </svg> </a> </div> 
<div class="collapse" id="collapseJsonvar-202101-1931"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202101-1931">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1931", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, 
{ "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.3" 
}, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter signaling route", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications diameter signaling route", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, 
"vendor": "oracle", "version": "8.2.0.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": 
"oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002837" }, { "db": "NVD", "id": "CVE-2020-36182" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", 
"versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36182" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202101-325" } ], "trust": 0.8 }, "cve": "CVE-2020-36182", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36182", 
"impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381449", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-36182", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36182", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-325", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381449", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36182", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { 
"db": "VULHUB", "id": "VHN-381449" }, { "db": "VULMON", "id": "CVE-2020-36182" }, { "db": "JVNDB", "id": "JVNDB-2021-002837" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-325" }, { "db": "NVD", "id": "CVE-2020-36182" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. 
See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-36182" }, { "db": "JVNDB", "id": "JVNDB-2021-002837" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-381449" }, { "db": "VULMON", "id": "CVE-2020-36182" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36182", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002837", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-325", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381449", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36182", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381449" }, { "db": "VULMON", "id": "CVE-2020-36182" }, { "db": "JVNDB", "id": "JVNDB-2021-002837" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": 
"CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-325" }, { "db": "NVD", "id": "CVE-2020-36182" } ] }, "id": "VAR-202101-1931", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381449" } ], "trust": 0.01 }, "last_update_date": "2024-02-12T23:58:38.236000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTAP-20210205-0005", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138932" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "https://github.com/Al1ex/CVE-2020-36179", "trust": 0.1, "url": "https://github.com/al1ex/cve-2020-36179 " }, { "title": "https://github.com/Al1ex/Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " }, { "title": "PHunter", "trust": 0.1, "url": "https://github.com/anonymous-phunter/phunter " }, { "title": "PHunter", "trust": 0.1, "url": "https://github.com/cgcl-codes/phunter " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36182" }, { "db": "JVNDB", "id": "JVNDB-2021-002837" }, { "db": "CNNVD", "id": "CNNVD-202101-325" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, 
{ "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381449" }, { "db": "JVNDB", "id": "JVNDB-2021-002837" }, { "db": "NVD", "id": "CVE-2020-36182" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "trust": 1.8, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/3004" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 
0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6455267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/al1ex/cve-2020-36179" 
}, { "trust": 0.1, "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-128/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381449" }, { "db": "VULMON", "id": "CVE-2020-36182" }, { "db": "JVNDB", "id": "JVNDB-2021-002837" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-325" }, { "db": "NVD", "id": "CVE-2020-36182" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381449" }, { "db": "VULMON", "id": 
"CVE-2020-36182" }, { "db": "JVNDB", "id": "JVNDB-2021-002837" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-325" }, { "db": "NVD", "id": "CVE-2020-36182" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-07T00:00:00", "db": "VULHUB", "id": "VHN-381449" }, { "date": "2021-01-07T00:00:00", "db": "VULMON", "id": "CVE-2020-36182" }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002837" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-325" }, { "date": "2021-01-07T00:15:14.960000", "db": "NVD", "id": "CVE-2020-36182" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-02T00:00:00", "db": "VULHUB", "id": "VHN-381449" }, { "date": "2023-09-13T00:00:00", "db": "VULMON", "id": "CVE-2020-36182" }, { "date": "2021-10-06T01:05:00", "db": "JVNDB", "id": "JVNDB-2021-002837" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-325" }, { "date": "2023-09-13T14:56:46.657000", "db": "NVD", "id": "CVE-2020-36182" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-325" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002837" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202012-1550">var-202012-1550</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. As a result, information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. 
See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 
References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202012-1550" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> <div class="btn-group" role="group"> <a role="button" class="btn btn-primary" data-bs-toggle="collapse" data-bs-target="#collapseJsonvar-202012-1550" aria-expanded="false" aria-controls="collapseJsonvar-202012-1550"> JSON <svg class="bi" width="1em" height="1em" fill="currentColor"> <use xlink:href="/bootstrap/static/icons/bootstrap-icons.svg#chevron-down"/> </svg> </a> </div> 
<div class="collapse" id="collapseJsonvar-202012-1550"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202012-1550">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1550", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.0" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.4" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.1" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": 
"15.0.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.10.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.3" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": 
"webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.2" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.4" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.8.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "hitachi ops center common services", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-014728" }, { "db": "NVD", "id": "CVE-2020-35490" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": 
"@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-35490" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202012-1285" } ], "trust": 0.8 }, "cve": "CVE-2020-35490", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-35490", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-377686", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-35490", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-35490", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202012-1285", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-377686", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-35490", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-377686" }, { "db": "VULMON", "id": "CVE-2020-35490" }, { "db": "JVNDB", "id": "JVNDB-2020-014728" }, { "db": "NVD", "id": "CVE-2020-35490" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202012-1285" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. FasterXML Jackson Databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. 
Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. 
Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com
/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-35490" }, { "db": "JVNDB", "id": "JVNDB-2020-014728" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-377686" }, { "db": "VULMON", "id": "CVE-2020-35490" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-35490", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-014728", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202012-1285", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.3599", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072757", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-377686", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-35490", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-377686" }, { "db": "VULMON", "id": "CVE-2020-35490" }, { "db": "JVNDB", "id": "JVNDB-2020-014728" }, { "db": "PACKETSTORM", "id": 
"162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-35490" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202012-1285" } ] }, "id": "VAR-202012-1550", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-377686" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:47:20.849000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2021-110 Software product security information", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2986" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-110" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a" }, { "title": "Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-35490" }, { "db": "JVNDB", "id": "JVNDB-2020-014728" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-377686" }, { "db": "JVNDB", "id": "JVNDB-2020-014728" }, { "db": "NVD", "id": "CVE-2020-35490" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210122-0005/" }, { "trust": 1.8, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2986" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 
0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072757" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.3599" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/al1ex/al1ex" }, { "trust": 0.1, "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-110/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, 
{ "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-377686" }, { "db": "VULMON", "id": "CVE-2020-35490" }, { "db": "JVNDB", "id": "JVNDB-2020-014728" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-35490" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202012-1285" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-377686" }, { "db": "VULMON", "id": "CVE-2020-35490" }, { "db": "JVNDB", "id": "JVNDB-2020-014728" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-35490" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202012-1285" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-12-17T00:00:00", "db": "VULHUB", "id": "VHN-377686" }, { "date": "2020-12-17T00:00:00", "db": "VULMON", "id": "CVE-2020-35490" }, { "date": "2021-08-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-014728" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2020-12-17T19:15:14.417000", "db": "NVD", "id": "CVE-2020-35490" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2020-12-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202012-1285" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": 
"2022-09-08T00:00:00", "db": "VULHUB", "id": "VHN-377686" }, { "date": "2022-09-08T00:00:00", "db": "VULMON", "id": "CVE-2020-35490" }, { "date": "2021-08-30T01:28:00", "db": "JVNDB", "id": "JVNDB-2020-014728" }, { "date": "2022-09-08T21:32:11.783000", "db": "NVD", "id": "CVE-2020-35490" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2023-06-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202012-1285" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202012-1285" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0Jackson\u00a0Databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-014728" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202006-1826">var-202006-1826</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). 
FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components, providing data binding functionality. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.5. There is currently no information about this vulnerability; please keep an eye on CNNVD or vendor announcements. Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat Fuse 7.7.0 release and security update Advisory ID: RHSA-2020:3192-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2020:3192 Issue date: 2020-07-28 CVE Names: CVE-2016-4970 CVE-2018-3831 CVE-2018-11797 CVE-2018-12541 CVE-2018-1000632 CVE-2019-0231 CVE-2019-3797 CVE-2019-9511 CVE-2019-9827 CVE-2019-10086 CVE-2019-10172 CVE-2019-12086 CVE-2019-12400 CVE-2019-14540 CVE-2019-14888 CVE-2019-14892 CVE-2019-14893 CVE-2019-16335 CVE-2019-16942 CVE-2019-16943 CVE-2019-17267 CVE-2019-17531 CVE-2019-17573 CVE-2019-20330 CVE-2019-20444 CVE-2019-20445 CVE-2020-1745 CVE-2020-1757 CVE-2020-1953 CVE-2020-7238 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10672 CVE-2020-10673 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11619 CVE-2020-11620 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 ==================================================================== 1. Summary:</p> <p>A minor version update (from 7.6 to 7.7) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>This release of Red Hat Fuse 7.7.0 serves as a replacement for Red Hat Fuse 7.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)</p> </li> <li> <p>dom4j (CVE-2018-1000632)</p> </li> <li> <p>elasticsearch (CVE-2018-3831)</p> </li> <li> <p>pdfbox (CVE-2018-11797)</p> </li> <li> <p>vertx (CVE-2018-12541)</p> </li> <li> <p>spring-data-jpa (CVE-2019-3797)</p> </li> <li> <p>mina-core (CVE-2019-0231)</p> </li> <li> <p>jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)</p> </li> <li> <p>jackson-mapper-asl (CVE-2019-10172)</p> </li> <li> <p>hawtio (CVE-2019-9827)</p> </li> <li> <p>undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)</p> </li> <li> <p>santuario (CVE-2019-12400)</p> </li> <li> <p>apache-commons-beanutils (CVE-2019-10086)</p> </li> <li> <p>cxf (CVE-2019-17573)</p> </li> <li> <p>apache-commons-configuration (CVE-2020-1953)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code 
from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1798524 - CVE-2019-20444 netty: HTTP request smuggling 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2016-4970 https://access.redhat.com/security/cve/CVE-2018-3831 https://access.redhat.com/security/cve/CVE-2018-11797 https://access.redhat.com/security/cve/CVE-2018-12541 https://access.redhat.com/security/cve/CVE-2018-1000632 https://access.redhat.com/security/cve/CVE-2019-0231 https://access.redhat.com/security/cve/CVE-2019-3797 https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9827 https://access.redhat.com/security/cve/CVE-2019-10086 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2019-12086 https://access.redhat.com/security/cve/CVE-2019-12400 https://access.redhat.com/security/cve/CVE-2019-14540 https://access.redhat.com/security/cve/CVE-2019-14888 https://access.redhat.com/security/cve/CVE-2019-14892 https://access.redhat.com/security/cve/CVE-2019-14893 https://access.redhat.com/security/cve/CVE-2019-16335 https://access.redhat.com/security/cve/CVE-2019-16942 https://access.redhat.com/security/cve/CVE-2019-16943 https://access.redhat.com/security/cve/CVE-2019-17267 
https://access.redhat.com/security/cve/CVE-2019-17531 https://access.redhat.com/security/cve/CVE-2019-17573 https://access.redhat.com/security/cve/CVE-2019-20330 https://access.redhat.com/security/cve/CVE-2019-20444 https://access.redhat.com/security/cve/CVE-2019-20445 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-1953 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-11620 https://access.redhat.com/security/cve/CVE-2020-14060 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.7.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXyBKZtzjgjWX9erEAQi36A//TAru3rmOqPcxv1hTEGyaF3hRH4jrvn/T xRMxfu2yfExW5bRSr6GH0+YMpRkdmGVpuZtDwGoQYKIaA7dJ9XyPpBLtszfOe1pu eVoNUrEvy53KnfzxEMrA0cYPpBwXmjd52QH3xaBL0ZqoHPciM8ZuoatCL9YcCUQb mdbPLBTfn9YQL7D993E3gcG2kfgO8hEJrlDXXbMxUCuD1hJ4k2g8uvuz0IPwunQC KSe4baOZUmvUheimDzybBIdSUBlNp/OuO9NshSCOwgfYUh3Sln0HEDuUWX3MzlfF 7fDdMAl98ULF0NcElL4MHUVxcaYpwGedAkODkI9s+XXDYvi9Nuhywla2zZ48l+5t ZkN0Wlq2OE24ELjd6xE9EfCdkfABz/sOqlr3tAaH5JBXtVhgC1e15psXqVAxIR+J ePzvbYFsZXtX8klx3QF4PHh1jRILOUOy5DHZV7aSRB3bj+g4ICB96N7M4m4Qcepm s09Qn2F0DngSOvwPnO2Cltl1K07wiG2q7Y5s3INoIFQFrB88RQw6cgJWDPH5OVZ0 N7LpgYANPzL5rkvoZybTVM8oBAGfVSrIGeHq35icuivXyz/M4DAa8bVaCvReP3ai MGUG/y0fczE2ajNlHcjQJHETbIctedeIb6ojHuBvs3g6219wrqMskkZURSUtC0Tv wFoh8mUDRG4=5qqZ -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202006-1826" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a>
<div class="collapse" id="collapseJsonvar-202006-1826"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202006-1826">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" },
"exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1826", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "communications diameter 
signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.5" }, { "model": "jackson-databind", "scope": 
"eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.5" }, { "model": "ops center common services", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006822" }, { "db": "NVD", "id": "CVE-2020-14060" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.5", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-14060" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-997" } ], "trust": 0.9 }, "cve": 
"CVE-2020-14060", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-006822", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-166901", 
"impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-14060", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-006822", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-14060", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-006822", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202006-997", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-166901", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-14060", "trust": 0.1, "value": "MEDIUM" 
} ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-166901" }, { "db": "VULMON", "id": "CVE-2020-14060" }, { "db": "JVNDB", "id": "JVNDB-2020-006822" }, { "db": "CNNVD", "id": "CNNVD-202006-997" }, { "db": "NVD", "id": "CVE-2020-14060" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). FasterXML jackson-databind contains a vulnerability involving deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.5. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Fuse 7.7.0 release and security update\nAdvisory ID: RHSA-2020:3192-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3192\nIssue date: 2020-07-28\nCVE Names: CVE-2016-4970 CVE-2018-3831 CVE-2018-11797\n CVE-2018-12541 CVE-2018-1000632 CVE-2019-0231\n CVE-2019-3797 CVE-2019-9511 CVE-2019-9827\n CVE-2019-10086 CVE-2019-10172 CVE-2019-12086\n CVE-2019-12400 CVE-2019-14540 CVE-2019-14888\n CVE-2019-14892 CVE-2019-14893 CVE-2019-16335\n CVE-2019-16942 CVE-2019-16943 CVE-2019-17267\n CVE-2019-17531 CVE-2019-17573 CVE-2019-20330\n CVE-2019-20444 CVE-2019-20445 CVE-2020-1745\n CVE-2020-1757 CVE-2020-1953 CVE-2020-7238\n CVE-2020-8840 CVE-2020-9546 CVE-2020-9547\n CVE-2020-9548 CVE-2020-10672 CVE-2020-10673\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11111\n CVE-2020-11112 CVE-2020-11113 CVE-2020-11619\n CVE-2020-11620 CVE-2020-14060 CVE-2020-14061\n CVE-2020-14062 CVE-2020-14195\n====================================================================\n1. Summary:\n\nA minor version update (from 7.6 to 7.7) is now available for Red Hat Fuse. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nThis release of Red Hat Fuse 7.7.0 serves as a replacement for Red Hat Fuse\n7.6, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. 
\n\nSecurity Fix(es):\n\n* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)\n\n* dom4j (CVE-2018-1000632)\n\n* elasticsearch (CVE-2018-3831)\n\n* pdfbox (CVE-2018-11797)\n\n* vertx (CVE-2018-12541)\n\n* spring-data-jpa (CVE-2019-3797)\n\n* mina-core (CVE-2019-0231)\n\n* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540\nCVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943\nCVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619\nCVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)\n\n* jackson-mapper-asl (CVE-2019-10172)\n\n* hawtio (CVE-2019-9827)\n\n* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)\n\n* santuario (CVE-2019-12400)\n\n* apache-commons-beanutils (CVE-2019-10086)\n\n* cxf (CVE-2019-17573)\n\n* apache-commons-configuration (CVE-2020-1953)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. \n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads 
XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1798524 - CVE-2019-20444 netty: HTTP request smuggling\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in 
org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-4970\nhttps://access.redhat.com/security/cve/CVE-2018-3831\nhttps://access.redhat.com/security/cve/CVE-2018-11797\nhttps://access.redhat.com/security/cve/CVE-2018-12541\nhttps://access.redhat.com/security/cve/CVE-2018-1000632\nhttps://access.redhat.com/security/cve/CVE-2019-0231\nhttps://access.redhat.com/security/cve/CVE-2019-3797\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9827\nhttps://access.redhat.com/security/cve/CVE-2019-10086\nhttps://access.redhat.com/security/cve/CVE-2019-10172\nhttps://access.redhat.com/security/cve/CVE-2019-12086\nhttps://access.redhat.com/security/cve/CVE-2019-12400\nhttps://access.redhat.com/security/cve/CVE-2019-14540\nhttps://access.redhat.com/security/cve/CVE-2019-14888\nhttps://access.redhat.com/security/cve/CVE-2019-14892\nhttps://access.redhat.com/security/cve/CVE-2019-14893\nhttps://access.redhat.com/security/cve/CVE-2019-16335\nhttps://access.redhat.com/security/cve/CVE-2019-16942\nhttps://access.redhat.com/s
ecurity/cve/CVE-2019-16943\nhttps://access.redhat.com/security/cve/CVE-2019-17267\nhttps://access.redhat.com/security/cve/CVE-2019-17531\nhttps://access.redhat.com/security/cve/CVE-2019-17573\nhttps://access.redhat.com/security/cve/CVE-2019-20330\nhttps://access.redhat.com/security/cve/CVE-2019-20444\nhttps://access.redhat.com/security/cve/CVE-2019-20445\nhttps://access.redhat.com/security/cve/CVE-2020-1745\nhttps://access.redhat.com/security/cve/CVE-2020-1757\nhttps://access.redhat.com/security/cve/CVE-2020-1953\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-11620\nhttps://access.redhat.com/security/cve/CVE-2020-14060\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.7.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXyBKZtzjgjWX9erEAQi36A//TAru3rmOqPcxv1hTEGyaF3hRH4jrvn/T\nxRMxfu2yfExW5bRSr6GH0+YMpRkdmGVpuZtDwGoQYKIaA7dJ9XyPpBLtszfOe1pu\neVoNUrEvy53KnfzxEMrA0cYPpBwXmjd52QH3xaBL0ZqoHPciM8ZuoatCL9YcCUQb\nmdbPLBTfn9YQL7D993E3gcG2kfgO8hEJrlDXXbMxUCuD1hJ4k2g8uvuz0IPwunQC\nKSe4baOZUmvUheimDzybBIdSUBlNp/OuO9NshSCOwgfYUh3Sln0HEDuUWX3MzlfF\n7fDdMAl98ULF0NcElL4MHUVxcaYpwGedAkODkI9s+XXDYvi9Nuhywla2zZ48l+5t\nZkN0Wlq2OE24ELjd6xE9EfCdkfABz/sOqlr3tAaH5JBXtVhgC1e15psXqVAxIR+J\nePzvbYFsZXtX8klx3QF4PHh1jRILOUOy5DHZV7aSRB3bj+g4ICB96N7M4m4Qcepm\ns09Qn2F0DngSOvwPnO2Cltl1K07wiG2q7Y5s3INoIFQFrB88RQw6cgJWDPH5OVZ0\nN7LpgYANPzL5rkvoZybTVM8oBAGfVSrIGeHq35icuivXyz/M4DAa8bVaCvReP3ai\nMGUG/y0fczE2ajNlHcjQJHETbIctedeIb6ojHuBvs3g6219wrqMskkZURSUtC0Tv\nwFoh8mUDRG4=5qqZ\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-14060" }, { "db": "JVNDB", "id": "JVNDB-2020-006822" }, { "db": "VULHUB", "id": "VHN-166901" }, { "db": "VULMON", "id": "CVE-2020-14060" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-14060", "trust": 2.9 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-006822", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202006-997", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2280", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": 
"48649", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-166901", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-14060", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-166901" }, { "db": "VULMON", "id": "CVE-2020-14060" }, { "db": "JVNDB", "id": "JVNDB-2020-006822" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-997" }, { "db": "NVD", "id": "CVE-2020-14060" } ] }, "id": "VAR-202006-1826", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-166901" } ], "trust": 0.01 }, "last_update_date": "2024-02-13T01:18:25.955000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block one more gadget type (apache-drill, CVE-2020-14060) #2688", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2688" }, { "title": "hitachi-sec-2020-125", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-125/index.html" }, { "title": "hitachi-sec-2020-125", "trust": 0.8, "url": "https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-125/index.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122483" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 
- security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-125" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "Cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "SecBooks\nSecBooks\u76ee\u5f55", "trust": 0.1, "url": "https://github.com/sexybeast233/secbooks " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-14060" }, { "db": "JVNDB", "id": "JVNDB-2020-006822" }, { "db": "CNNVD", "id": "CNNVD-202006-997" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-166901" }, { "db": "JVNDB", "id": "JVNDB-2020-006822" }, { "db": "NVD", "id": "CVE-2020-14060" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200702-0003/" }, { "trust": 1.8, "url": 
"https://github.com/fasterxml/jackson-databind/issues/2688" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 1.1, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14060" }, { "trust": 0.7, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48649" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2280/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affects-ibm-operations-analytics-predictive-insights-cve-2019-14060-cve-2019-14661-cve-2019-14662/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-apache-drill-32685" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { 
"trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" 
}, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/yahoo/cubed" }, { "trust": 0.1, "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-125/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" } ], "sources": [ { "db": "VULHUB", "id": "VHN-166901" }, { "db": "VULMON", "id": "CVE-2020-14060" }, { "db": "JVNDB", "id": "JVNDB-2020-006822" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-997" }, { "db": "NVD", "id": "CVE-2020-14060" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-166901" }, { "db": "VULMON", "id": "CVE-2020-14060" }, { "db": "JVNDB", "id": "JVNDB-2020-006822" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-997" }, { "db": "NVD", "id": "CVE-2020-14060" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-14T00:00:00", "db": "VULHUB", "id": "VHN-166901" }, { "date": "2020-06-14T00:00:00", "db": "VULMON", "id": "CVE-2020-14060" }, { "date": "2020-07-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006822" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-06-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-997" }, { "date": "2020-06-14T21:15:09.817000", "db": "NVD", "id": "CVE-2020-14060" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-17T00:00:00", "db": "VULHUB", "id": "VHN-166901" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-14060" }, { "date": "2020-08-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006822" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-997" }, { "date": "2023-11-07T03:17:05.777000", "db": "NVD", "id": "CVE-2020-14060" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-997" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006822" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-997" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202006-1827">var-202006-1827</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.5. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat Satellite 6.8 for RHEL 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. 
</p> <p>Security Fix(es):</p> <ul> <li>mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)</li> <li>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</li> <li>rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)</li> <li>puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)</li> <li>jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)</li> <li>foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)</li> <li>Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)</li> <li>Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)</li> <li>rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)</li> <li>rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)</li> <li>rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)</li> <li>rubygem-actionview: views that use the <code>j</code> or <code>escape_javascript</code> methods are susceptible to XSS attacks (CVE-2020-5267)</li> <li>puppet: Arbitrary catalog retrieval (CVE-2020-7942)</li> <li>rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)</li> <li>rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)</li> <li>hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)</li> <li>puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)</li> </ul> <p>For more details 
about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Additional Changes:</p> <ul> <li> <p>Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment. </p> </li> <li> <p>Adds ability to install Satellite and Capsules and manage hosts in an IPv6 network environment</p> </li> <li> <p>Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution. </p> </li> <li> <p>Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and the latest version of Puppet</p> </li> <li> <p>Support for HTTP UEFI provisioning</p> </li> <li> <p>Support for CAC card authentication with Keycloak integration</p> </li> <li> <p>Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling. </p> </li> <li> <p>Support for Red Hat Enterprise Linux Traces integration</p> </li> <li> <p>satellite-maintain & foreman-maintain are now self updating</p> </li> <li> <p>Notifications in the UI to warn users when subscriptions are expiring. </p> </li> </ul> <p>The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. 
</p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1160344 - [RFE] Satellite support for cname as alternate cname for satellite server 1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems 1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy 1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt 1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS 1410616 - [RFE] Prominent notification of expiring subscriptions. 1410916 - Should only be able to add repositories you have access to 1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3 1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. 1469267 - need updated rubygem-rake 1486446 - Content view versions list has slow query for package count 1486696 - 'hammer host update' removes existing host parameters 1494180 - Sorting by network address for subnet doesn't work properly 1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost 1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled" 1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101" 1531674 - Operating System Templates are ordered inconsistently in UI. 1537320 - [RFE] Support for Capsules at 1 version lower than Satellite 1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! 
NoMethodError: undefined method <code>first' for nil:NilClass" when there are custom bookmarks created 1563270 - Sync status information is lost after cleaning up old tasks related to sync. 1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384') 1571907 - Passenger threads throwing tracebacks on API jobs after spawning 1576859 - [RFE] Implement automatic assigning subnets through data provided by facter 1584184 - [RFE] The locked template is getting overridden by default 1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box 1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template 1608001 - Rearrange search/filter options on Red Hat Repositories page. 1613391 - race condition on removing multiple organizations simultaneously 1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot 1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version 1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui 1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization 1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host 1627066 - Unable to revert to the original version of the provisioning template 1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules 1630536 - yum repos password stored as cleartext 1632577 - Audit log show 'missing' for adding/removing repository to a CV 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1645062 - host_collection controller responds with 200 instead of 201 to a POST request 1645749 - repositories controller responds with 200 instead of 201 to a POST request 
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build 1647364 - [RFE] Extend the audits by the http request id 1647781 - Audits contain no data (Added foo to Missing(ID: x)) 1651297 - Very slow query when using facts on user roles as filters 1653217 - [RFE] More evocative name for Play Ansible Roles option? 1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks 1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role, 1659418 - katello-tracer-upload failing with error "ImportError: No module named katello" 1665277 - subscription manager register activation key with special character failed 1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal 1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output. 1677907 - Ansible API endpoints return 404 1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams 1680458 - Locked Report Templates are getting removed. 
1680567 - Reporting Engine API to list report template per organization/location returns 404 error 1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite 1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow 1687116 - kernel version checks should not use /lib/modules to determine running version 1688886 - subscription-manager not attaching the right quantity per the cpu core 1691416 - Delays when many clients upload tracer data simultaneously 1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself 1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions 1705097 - An empty report file doesn't show any headers 1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service 1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed 1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
1715999 - Use Infoblox API for DNS conflict check and not system resolver 1716423 - Nonexistent quota can be set 1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page 1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array 1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally 1719509 - [RFE] "hammer host list" including erratas information 1719516 - [RFE] "hammer host-collection hosts" including erratas information 1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition 1721419 - SSH key cannot be added when FIPS enabled 1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example) 1723313 - foreman_tasks:cleanup description contain inconsistent information 1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start" 1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS 1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name 1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear 1730083 - [RFE] Add Jobs button to host detail page 1731155 - Cloud init template missing snippet compared to Kickstart default user data 1731229 - podman search against Red Hat Satellite 6 fails. 
1731235 - [RFE] Create Report Template to list inactive hosts 1733241 - [RFE] hammer does not inherit parent location information 1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN 1736809 - undefined method</code>split' for nil:NilClass when viewing the host info with hammer 1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. 1737564 - [RFE] Support custom images on Azure 1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. 1740943 - Increasing Ansible verbosity level does not increase the verbosity of output 1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. 1743776 - Error while deleting the content view version. 1745516 - Multiple duplicate index entries are present in candlepin database 1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
1749692 - Default Rhel8 scap content does not get populated on the Satellite 1749916 - [RFE] Satellite should support certificates with > 2048 Key size 1751981 - Parent object properties are not propagated to Child objects in Location and Host Group 1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command 1753551 - Traces output from Satellite GUI has mismatches with client tracer output 1756991 - 2 inputs with same name -> uninitialized constant #<Class:0x000000000b894c38>::NonUniqueInputsError 1757317 - [RFE] Dynflow workers extraction 1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API 1759160 - Rake task for cleaning up DHCP records on proxy 1761872 - Disabled buttons are still working 1763178 - [RFE] Unnecessary call to userhelp and therefore log entries 1763816 - [RFE] Report which users access the API 1766613 - Fact search bar broken and resets to only searching hostname 1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting 1767497 - Compute Resource filter does not correctly allow Refresh Cache 1767635 - [RFE] Enable Organization and Location to be entered not just selected 1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value 1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]' for nil:NilClass 1771367 - undefined method `request_uri' when Openidc Provider Token Endpoint is none 1771428 - Openscap documentation link on Satellite 6 webui is broke 1771484 - Client side documentation links are not branded 1771693 - 'Deployed on' parameter is not listed in API output 1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order 1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again 1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt 1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare 1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically 1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines) 1778503 - Prepended text on OS name creation 1778681 - Some pages are missing title in html head 1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly 1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages" 1782426 - Viewing errata from a repository returns incorrect unfiltered results 1783568 - [RFE] - Bulk Tracer Remediation 1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!"
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log 1784341 - disable CertificateRevocationListTask job in candlepin.conf by default 1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file 1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. 1785624 - [UI] Importing templates with associate 'never' is not resulting as expected 1785683 - Does not load datacenter when multiple compute resources are created for same VCenter 1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method <code>[]' for nil:NilClass" 1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date 1787329 - change filename in initrd live CPIO archive to fdi.iso 1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL 1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI 1789006 - Smart proxy dynflow core listens on 0.0.0.0 1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id 1789434 - Template editor not always allows refreshing of the preview pane 1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely 1789686 - Non-admin user with enough permissions can't generate report of applicable errata 1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6 1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table. 
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs 1791654 - drop config_templates api endpoints and parameters 1791656 - drop deprecated host status endpoint 1791658 - drop reports api endpoint 1791659 - Remove `use_puppet_default` api params 1791663 - remove deprecated permissions api parameters 1791665 - drop deprecated compute resource uuid parameter 1792131 - [UI] Could not specify organization/location for users that come from keycloak 1792135 - Not able to login again if session expired from keycloak 1792174 - [RFE] Subscription report template 1792304 - When generating custom report, leave output format field empty 1792378 - [RFE] Long role names are cut off in the roles UI 1793951 - [RFE] Display request UUID on audits page 1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists 1794346 - Change the label for the flashing eye icon during user impersonation 1794641 - Sync status page's content are not being displayed properly. 1795809 - HTML tags visible on paused task page 1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled 1796205 - iso upload: correctly check if upload directory exists 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1796259 - loading subscriptions page is very slow 1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode 1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout 1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server 1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state.
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host 1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input 1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input 1802529 - Repository sync in tasks page shows percentage in 17 decimal points 1802631 - Importing Ansible variables yields NoMethodError: undefined method `map' for nil:NilClass (initialize_variables) [variables_importer.rb] 1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none 1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page. 1804651 - Missing information about "Create Capsule" via webUI 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7 1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error 1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks 1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu' 1807042 - [RFE] Support additional disks for VM on Azure Compute Resource 1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics.
1807829 - Generated inventory file doesn't exist 1807946 - Multiple duplicate index entries are present in foreman database 1808843 - Satellite lists unrelated RHV storage domains using v4 API 1810250 - Unable to delete repository - Content with ID could not be found 1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd 1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection 1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead 1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units 1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification 1812904 - 'Hypervisors' task fails with 'undefined method</code>[]' for nil:NilClass' error 1813005 - Prevent --tuning option to be applied in Capsule servers 1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker) 1814095 - Applicable errata not showing up for module stream errata 1815104 - Locked provisioning template should not be allowed to add audit comment 1815135 - hammer does not support description for custom repositories 1815146 - Backslash escapes when downloading a JSON-formatted report multiple times 1815608 - Content Hosts has Access to Content View from Different Organization 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1816699 - Satellite Receptor Installer role can miss accounts under certain conditions 1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval 1816853 - Report generated by Red Hat Inventory Uploads is empty. 
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. 1817224 - Loading one org's content view when switching to a different org 1817481 - Plugin does not set page <title> 1817728 - Default task polling is too frequent at scale 1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. 1818062 - Deprecated message about katello agent being shown on content host registration page 1818816 - Web console should open in a new tab/window 1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1820193 - Deleted Global Http Proxy is still being used during repository sync. 1820245 - reports in JSON format can't handle unicode characters 1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512 1821335 - Inventory plugin captures information for systems with any entitlement 1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration. 1821629 - Eager zero seems to do nothing 1821651 - Manifest import task progress remains at 0. 1821752 - New version of the plugin is available: 1.0.5 1822039 - Get HTTP error when deploying the virt-who configure plugin 1822560 - Unable to sync large openshift docker repos 1823905 - Update distributor version to sat-6.7 1823991 - [RFE] Add a more performant way to sort reports 1824183 - Virtual host get counted as physical hosts on cloud.redhat.com 1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank" 1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue.
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy 1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error 1826298 - even when I cancel ReX job, remediation still shows it as running 1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images 1826515 - [RFE] Consume Candlepin events via STOMP 1826625 - Improve performance of externalNodes 1826678 - New version of the plugin is available: 2.0.6 1826734 - Tasks uses wrong controller name for bookmarks 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories 1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)" 1828257 - Receptor init file missing [Install] section, receptor service won't run after restart 1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API 1828549 - Manifest Certificate Exposed by Unprivileged User 1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined' 1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default 1828868 - Add keep alive option in Receptor node 1829487 - Ansible verbosity level does not work 1829766 - undefined method <code>tr' for nil:NilClass when trying to get a new DHCP lease from infoblox 1830253 - Default job templates are not locked 1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time 1830834 - Unable to update default value of a smart class parameter (Sql query error). 
1830860 - Refactor loading regions based on subscription dynamically 1830882 - Red Hat Satellite brand icon is missing 1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo 1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks 1833031 - Improve RH account ID fetching in cloud connector playbook 1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished) 1833039 - Introduce error code to playbook_run_finished response type 1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option. 1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do 1834377 - Disable mongo FTDC 1834866 - Missing macro for "registered_at" host subscription facet 1834898 - Login Page background got centralized and cropped 1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet 1835241 - Some applicability of the consumers are not recalculated after syncing a repository 1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting 1836155 - Support follow on rails, travis and i18n work for AzureRm plugin 1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman.
1836774 - Some foreman services failed to start (pulp_streamer) 1836845 - "Generate at" in report template should be current date 1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue 1838160 - 'Registered hosts' report does not list kernel release for rhsm clients 1838191 - Arrow position is on left rather in the middle under "Start Time" 1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory 1838917 - Repositories are not showing their available Release versions due to a low default db pool size 1838963 - Hypervisors from Satellite, never makes their way to HBI 1838965 - Product name link is not working on the activation keys "Repository Sets" tab. 1839025 - Configure Cloud Connector relies on information which is no longer provided by the API 1839649 - satellite-installer --reset returns a traceback 1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds 1839779 - undefined local variable or method</code>implicit_order_column' for #<ActiveRecord::Associations::CollectionProxy> on GET request to /discovery_rules endpoint 1839966 - New version of the plugin is available: 2.0.7 1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . 1840191 - Validate parameters passed by receptor to the receptor-satellite plugin 1840218 - ArgumentError: wrong number of arguments 1840525 - Content host list doesn't update after the successful deletion of content host. 1840635 - Proxy has failed to load one or more features (Realm) 1840723 - Selected scenario is DISABLED, can not continue 1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed" 1841098 - Failed to resolve package dependency while doing satellite upgrade. 
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned 1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist." 1841818 - icons missing on /pub download page 1842900 - ERROR! the role 'satellite-receptor' was not found in ... 1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/ 1843406 - In 6.8, Receptor installation playbook's inputs are visible again 1843561 - Report templates duplicated 1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #<Safemode::ScopeObject>" 1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8 1843926 - satellite-change-hostname fails when running nsupdate 1844142 - [RFE] Drop a subsription-manager fact with the satellite version 1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP 1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2 1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]' for nil:NilClass 1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1846254 - need to restart services after enabling leapp plugin 1846313 - Add index on locks for resource type and task id 1846317 - undefined method `klass' for nil:NilClass 1846421 - build pxe default do not work when more than 1 provider 1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8 1847019 - Empty applicability for non-modular repos 1847063 - Slow manifest import and/or refresh 1847407 - load_pools macro not in list of macros 1847645 - Allow override of Katello's DISTRIBUTOR_VERSION 1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details.
1847840 - Libvirt note link leads to 404 1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. 1848291 - Download kernel/initram for kexec asynchronously 1848535 - Unable to create a pure IPv6 host 1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8) 1848902 - ERF42-0258 [Foreman::Exception]: <uuid> is not valid, enter id or name 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms 1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule 1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names 1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead. 1849680 - Task progress decimal precision discrepancy between UI, CLI, and API 1849869 - Unable to recycle the dynflow executor 1850355 - Auth Source Role Filters are not working in Satellite 6.8 1850536 - Can't add RHEV with APIv3 through Hammer 1850914 - Checksum type "sha256" is not available for all units in the repository. 
Make sure those units have been downloaded 1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)" 1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates 1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9 1851167 - Autoattach -> "undefined" subscription added 1851176 - Subscriptions do not provide any repository sets 1851952 - "candlepin_events FAIL Not running" and wont restart 1852371 - Allow http proxy ports by default 1852723 - Broken link for documentation on installation media page 1852733 - Inventory upload documentation redirects to default location 1852735 - New version of the plugin is available: 2.0.8 1853076 - large capsule syncs cause slow processing of dynflow tasks/steps 1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided" 1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7 1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh 1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views 1853572 - Broken documentation link for 'RHV' in Compute Resource 1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode. 1854397 - Compliance reports are not being uploaded to satellite. 1854530 - PG::NotNullViolation when syncing hosts from cloud 1855008 - Host parameters are set after the host is created. 1855254 - Links to documentation broken in HTTP Proxies setup 1855348 - katello_applicability accidentally set to true at install 1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME' 1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. 
1856379 - Add missing VM creation tests 1856401 - [RFE] Add module to create HTTP Proxy 1856831 - New version of the plugin is available: 2.0.9 1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host 1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500 1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos 1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos 1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method <code>default_capsule' for Katello:Module" 1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError 1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. 1857726 - Warnings are shown during the satellite package installation on RHEL 7.9 1858237 - Upgraded Satellite has duplicated katello_pools indexes 1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user 1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite 1858855 - Creating compute resources on IPV6 network does not fail gracefully 1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf 1859194 - load_hosts macro duplicated in a list of macros 1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
1859705 - Tomcat is not running on fresh Capsule installation 1859929 - User can perform other manifest actions while the first one starts 1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass' 1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed 1860422 - Host with remediations can't be removed 1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'... 1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service 1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error. 1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8 1860587 - Documentation link in Administer -> About pointing to 6.6 document. 1860835 - Installed Packages not displayed on About page 1860957 - Unable to select an organization for sync management 1861367 - Import Template sync never completes 1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required 1861422 - Error encountered while handling the response, replying with an error message ('plugin_config') 1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. 1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request 1861766 - Add ability to list traces by host with hammer 1861807 - Cancel/Abort button should be disabled once REX job is finish 1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer 1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
1861890 - Recommended repos do not match Satellite version 1861970 - Content -> Product doesn't work when no organization is selected 1862135 - updating hosts policy using bulk action fails with sql error 1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. 1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6 1865871 - Obfuscated hosts do not have domain reported 1865872 - Templates doc - examples on onepage.html are not processed 1865874 - Add inventory status to host 1865876 - Make recommendations count in hosts index a link 1865879 - Add automatic scheduler for insights sync 1865880 - Add an explanation how to enable insights sync 1865928 - Templates documentation help page has hard-coded Satellite setting value 1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently 1866029 - Templates DSL documentation: Parts of description are put in <pre> tag 1866436 - host search filter does not work in job invocation page 1866461 - Run action is missing in job templates page 1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page 1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer 1866710 - Wrong API endpoint path referenced for resolving host traces 1867239 - hammer content-view version incremental-update fails with ISE 1867287 - Error Row was updated or deleted by another transaction when deleting docker repository 1867311 - Upgrade fails when checkpoint_segments postgres parameter configured 1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite 1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank" 1868183 - Unable to change virt-who hypervisor location. 
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf 1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation. 1869812 - Tasks fail to complete under load 1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow 1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found) 1871434 - theme css ".container" class rule is too generic 1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. 1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout 1871978 - Bug in provisioning_template Module 1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console" 1872041 - Host search returns incorrect result 1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result 1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover 1874143 - Red Hat Inventory Uploads does not use proxy 1874160 - Changing Content View of a Content Host needs to better inform the user around client needs 1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file 1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts) 1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow 1874176 - Unable to search by value of certain Hostgroup parameter 1874422 - Hits Sync uses only old proxy setting 1874619 - Hostgroup tag is never reported in slice 1875357 - After upgrade server response check failed for candlepin. 
1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url` 1875660 - Reporting Template macros host_cores is not working as expected 1875667 - Audit page list incorrect search filter 1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only 1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding 1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries 1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv 1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv 1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv 1878194 - In Capsule upgrade, "yum update" dump some error messages. 1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled 1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections 1878850 - creating host from hg doesn't resolves the user-data template 1879151 - Remote execution status not updating with large number of hosts 1879448 - Add hits details to host details page 1879451 - Stop uploading if Satellite's setting is disconnected 1879453 - Add plugin version to report metadata 1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP 1880637 - [6.8] satellite-installer always runs upgrade steps 1881066 - Safemode doesn't allow to access 'host_cores' on #<Safemode::ScopeObject> 1881078 - Use Passenger instead of Puma as the Foreman application server 1881988 - [RFE] IPv6 support for Satellite 6.8 1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}'' 1882389 - Search query in 
template for LEAPP upgrade should be pre-filled when running from pre-upgrade results 1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)" 1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available" 1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals 1887489 - Insights rules can't be loaded on freshly installed Satellite system 1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Satellite Capsule 6.8:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm 
pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm 
rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm 
tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm 
foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm 
python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm 
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm 
pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm 
tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>Red Hat Satellite 6.7:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm 
puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm 
python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm 
tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm 
tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm 
tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm 
tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm 
tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm 
tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm 
katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm 
python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm 
rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm 
tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm 
tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm 
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm 
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm 
libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm 
python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm 
tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)</p> </li> <li> <p>dom4j (CVE-2018-1000632)</p> </li> <li> <p>elasticsearch (CVE-2018-3831)</p> </li> <li> <p>pdfbox (CVE-2018-11797)</p> </li> <li> <p>vertx (CVE-2018-12541)</p> </li> <li> <p>spring-data-jpa (CVE-2019-3797)</p> </li> <li> <p>mina-core (CVE-2019-0231)</p> </li> <li> <p>jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)</p> </li> <li> <p>jackson-mapper-asl (CVE-2019-10172)</p> </li> <li> <p>hawtio (CVE-2019-9827)</p> </li> <li> <p>undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)</p> </li> <li> <p>santuario (CVE-2019-12400)</p> </li> <li> <p>apache-commons-beanutils (CVE-2019-10086)</p> </li> <li> <p>cxf (CVE-2019-17573)</p> </li> <li> <p>apache-commons-configuration (CVE-2020-1953)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:</p> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code 
from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1798524 - CVE-2019-20444 netty: HTTP request smuggling 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202006-1827" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202006-1827"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202006-1827">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, 
"external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1827", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" 
}, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.5" }, { "model": "jackson-databind", "scope": 
"eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.5" }, { "model": "ops center common services", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006821" }, { "db": "NVD", "id": "CVE-2020-14062" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.5", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-14062" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" 
}, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-996" } ], "trust": 1.0 }, "cve": "CVE-2020-14062", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-006821", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": 
"NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-166903", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-14062", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-006821", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-14062", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-006821", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": 
"CNNVD-202006-996", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-166903", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-14062", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-166903" }, { "db": "VULMON", "id": "CVE-2020-14062" }, { "db": "JVNDB", "id": "JVNDB-2020-006821" }, { "db": "CNNVD", "id": "CNNVD-202006-996" }, { "db": "NVD", "id": "CVE-2020-14062" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.5. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. 
\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. 
\n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to 
the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. 
\n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http 
request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. 
\n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
\n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. 
\n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
\n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
\n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 
\n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t 
generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. 
\n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. 
\n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should 
not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. 
\n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. 
\n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). 
\n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
\n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. 
\n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s 
DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. 
Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. 
\n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
\n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
\n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. 
\n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After 
upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. 
\n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. 
Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\
npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.s
rc.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dh
cp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\np
ulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.n
oarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7s
at.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sa
t.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridf
s-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1
.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.
0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql
12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0
.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\nt
fm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_c
li_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntf
m-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sa
t.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat
.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-col
lection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarc
h.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npytho
n2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7s
at.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7s
at.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\nt
fm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.r
pm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_az
ure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer
-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_prox
y_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\n
livecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-de
vel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg
-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. 
\n\nSecurity Fix(es):\n\n* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)\n\n* dom4j (CVE-2018-1000632)\n\n* elasticsearch (CVE-2018-3831)\n\n* pdfbox (CVE-2018-11797)\n\n* vertx (CVE-2018-12541)\n\n* spring-data-jpa (CVE-2019-3797)\n\n* mina-core (CVE-2019-0231)\n\n* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540\nCVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943\nCVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619\nCVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)\n\n* jackson-mapper-asl (CVE-2019-10172)\n\n* hawtio (CVE-2019-9827)\n\n* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)\n\n* santuario (CVE-2019-12400)\n\n* apache-commons-beanutils (CVE-2019-10086)\n\n* cxf (CVE-2019-17573)\n\n* apache-commons-configuration (CVE-2020-1953)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. \n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads 
XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1798524 - CVE-2019-20444 netty: HTTP request smuggling\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in 
org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-14062" }, { "db": "JVNDB", "id": "JVNDB-2020-006821" }, { "db": "VULHUB", "id": "VHN-166903" }, { "db": "VULMON", "id": "CVE-2020-14062" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-14062", "trust": 3.0 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-006821", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202006-996", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2280", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": 
"AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48650", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-166903", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-14062", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-166903" }, { "db": "VULMON", "id": "CVE-2020-14062" }, { "db": "JVNDB", "id": "JVNDB-2020-006821" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-996" }, { "db": "NVD", "id": "CVE-2020-14062" } ] }, "id": "VAR-202006-1827", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-166903" } ], "trust": 0.01 }, "last_update_date": "2024-02-13T00:58:14.643000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block one more gadget type (jaxp-ri, CVE-2020-14062) #2704", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2704" }, { "title": "hitachi-sec-2020-125", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-125/index.html" }, { "title": "hitachi-sec-2020-125", "trust": 0.8, "url": "https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-125/index.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122482" }, { "title": "Red Hat: 
Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-125" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "Cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "SecBooks\nSecBooks\u76ee\u5f55", "trust": 0.1, "url": "https://github.com/sexybeast233/secbooks " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-14062" }, { "db": "JVNDB", "id": "JVNDB-2020-006821" }, { "db": "CNNVD", "id": "CNNVD-202006-996" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-166903" }, { "db": "JVNDB", "id": "JVNDB-2020-006821" }, { "db": "NVD", "id": 
"CVE-2020-14062" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200702-0003/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2704" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html" }, { "trust": 1.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 1.1, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14062" }, { "trust": 0.7, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2280/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affects-ibm-operations-analytics-predictive-insights-cve-2019-14060-cve-2019-14661-cve-2019-14662/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-xalan2-32687" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-component-ibm-network-performance-insight-1-3-1-affected-by-cve-2020-14062/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48650" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.4, "url": 
"https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.3, 
"url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:4366" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/yahoo/cubed" }, { "trust": 0.1, "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-125/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5267" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 
0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5216" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" } ], "sources": [ { "db": "VULHUB", "id": "VHN-166903" }, { "db": "VULMON", "id": "CVE-2020-14062" }, { "db": "JVNDB", "id": "JVNDB-2020-006821" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-996" }, { "db": "NVD", "id": "CVE-2020-14062" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-166903" }, { "db": "VULMON", "id": "CVE-2020-14062" }, { "db": "JVNDB", "id": "JVNDB-2020-006821" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-996" }, { "db": "NVD", "id": "CVE-2020-14062" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": 
"2020-06-14T00:00:00", "db": "VULHUB", "id": "VHN-166903" }, { "date": "2020-06-14T00:00:00", "db": "VULMON", "id": "CVE-2020-14062" }, { "date": "2020-07-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006821" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-10-27T16:58:42", "db": "PACKETSTORM", "id": "159724" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-06-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-996" }, { "date": "2020-06-14T20:15:10.167000", "db": "NVD", "id": "CVE-2020-14062" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-17T00:00:00", "db": "VULHUB", "id": "VHN-166903" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-14062" }, { "date": "2020-08-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006821" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-996" }, { "date": "2023-11-07T03:17:06.047000", "db": "NVD", "id": "CVE-2020-14062" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159724" }, { "db": "CNNVD", "id": "CNNVD-202006-996" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006821" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-996" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1777">var-202003-1777</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. There is a code problem vulnerability in org.aoju.bus.proxy.provider.remoting.RmiProvider in FasterXML jackson-databind 2.x version before 2.9.10.4. A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)</p> </li> <li> <p>cxf: does not restrict the number of message attachments (CVE-2019-12406)</p> </li> <li> <p>cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)</p> </li> <li> <p>hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)</p> </li> <li> <p>HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</p> </li> <li> <p>HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</p> </li> <li> <p>HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)</p> </li> <li> <p>HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)</p> </li> <li> <p>jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)</p> </li> <li> <p>keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)</p> </li> <li> <p>keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)</p> </li> <li> <p>keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)</p> </li> <li> <p>keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)</p> </li> <li> <p>keycloak: cross-realm user access auth bypass (CVE-2019-14832)</p> </li> <li> <p>netty: HTTP 
Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</p> </li> <li> <p>SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)</p> </li> <li> <p>thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li> <li> <p>thrift: Endless loop when feed with specific input data (CVE-2019-0205)</p> </li> <li> <p>undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)</p> </li> <li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)</p> </li> <li> <p>xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)</p> </li> </ul> <p>For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. You must be logged in to download the update. </p> <p>NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 19. 
JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes</p> <ol> <li>Description:</li> </ol> <p>Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. Description:</p> <p>Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. </p> <p>This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:</p> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender</p> <ol> <li>The purpose of this text-only errata is to inform you about the security issues fixed in this release. </li> </ol> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:1523-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:1523 Issue date: 2020-04-21 Cross references: 1822587 1822174 1822932 1822937 1822927 CVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)</p> </li> <li> <p>jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg LahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB N5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp dfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J 998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT 22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK +vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv yNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0 x38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m g6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J PdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt 8yoMyLl6FBM= =n1if -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1777" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> 
<div class="collapse" id="collapseJsonvar-202003-1777"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1777">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1777", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, 
"data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "primavera 
unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "8.0.6" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 
1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { 
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, 
{ "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10968" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": 
"PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1625" } ], "trust": 1.3 }, "cve": "CVE-2020-10968", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003420", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163499", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-10968", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003420", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10968", "trust": 1.0, "value": "HIGH" }, { "author": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-10968", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-003420", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202003-1625", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163499", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-10968", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163499" }, { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "CNNVD", "id": "CNNVD-202003-1625" }, { "db": "NVD", "id": "CVE-2020-10968" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. There is a code problem vulnerability in org.aoju.bus.proxy.provider.remoting.RmiProvider in FasterXML jackson-databind 2.x version before 2.9.10.4. A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. 
\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current 
threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. You must be logged in to download the update. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - 
CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:1523-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1523\nIssue date: 2020-04-21\nCross references: 1822587 1822174 1822932 1822937 1822927\nCVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 \n CVE-2020-11112 CVE-2020-11113 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. 
\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg\nLahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB\nN5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp\ndfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J\n998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT\n22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK\n+vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv\nyNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0\nx38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m\ng6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J\nPdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt\n8yoMyLl6FBM=\n=n1if\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "VULHUB", "id": "VHN-163499" }, { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10968", "trust": 3.3 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "157322", "trust": 
0.8 }, { "db": "PACKETSTORM", "id": "160601", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-003420", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-1625", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157859", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1399", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4471", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1368", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1882", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48376", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2020-24033", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163499", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-10968", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163499" }, { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1625" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "id": "VAR-202003-1777", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, 
"sources": [ { "db": "VULHUB", "id": "VHN-163499" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:40:07.001000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block one more gadget type (bus-proxy, CVE-2020-10968) #2662", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2662" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115309" }, { "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205625 - security advisory" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201523 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "IBM: Security 
Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "CNNVD", "id": "CNNVD-202003-1625" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163499" }, { "db": "JVNDB", "id": 
"JVNDB-2020-003420" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2662" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10968" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": 
"https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-bus-proxy-rmiprovider-serialization-gadgets-typing-32061" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.1882/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4471/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1399/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48376" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { 
"trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.3, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:5625" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2020:1414" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2333" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163499" }, { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": 
"CNNVD-202003-1625" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163499" }, { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1625" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-26T00:00:00", "db": "VULHUB", "id": "VHN-163499" }, { "date": "2020-03-26T00:00:00", "db": "VULMON", "id": "CVE-2020-10968" }, { "date": "2020-04-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-12-17T18:09:37", "db": "PACKETSTORM", "id": "160601" }, { "date": "2020-05-28T16:22:46", "db": "PACKETSTORM", "id": "157859" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-09-17T14:07:40", "db": "PACKETSTORM", "id": "159208" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-04-21T14:19:58", "db": "PACKETSTORM", "id": "157322" }, { "date": "2020-03-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1625" }, { "date": "2020-03-26T13:15:12.970000", "db": "NVD", "id": "CVE-2020-10968" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-07T00:00:00", "db": "VULHUB", "id": "VHN-163499" }, { "date": "2021-12-07T00:00:00", "db": 
"VULMON", "id": "CVE-2020-10968" }, { "date": "2020-04-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1625" }, { "date": "2024-07-03T01:36:08.923000", "db": "NVD", "id": "CVE-2020-10968" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1625" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003420" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1625" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202101-1930">var-202101-1930</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. 
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. A code issue vulnerability exists in FasterXML jackson-databind versions 2.x through 2.9.10.8 due to the software's failure to handle interactions with org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 
</p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 
jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. 
More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202101-1930" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202101-1930"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202101-1930">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1930", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, 
{ "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.3" 
}, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter signaling route", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications diameter signaling route", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0." 
}, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { 
"model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": 
"commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002838" }, { "db": "NVD", "id": "CVE-2020-36183" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", 
"versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36183" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202101-371" } ], "trust": 0.8 }, "cve": "CVE-2020-36183", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", 
"availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36183", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381450", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-36183", 
"impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36183", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-371", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381450", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36183", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-381450" }, { "db": "VULMON", "id": "CVE-2020-36183" }, { "db": "JVNDB", "id": "JVNDB-2021-002838" }, { "db": "NVD", "id": "CVE-2020-36183" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-371" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. 
A code issue vulnerability exists in FasterXML jackson-databind versions 2.x through 2.9.10.8 due to the software\u0027s failure to handle interactions with org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. 
See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-36183" }, { "db": "JVNDB", "id": "JVNDB-2021-002838" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-381450" }, { "db": "VULMON", "id": "CVE-2020-36183" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36183", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002838", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-371", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381450", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36183", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381450" }, { "db": "VULMON", "id": "CVE-2020-36183" }, { "db": "JVNDB", "id": "JVNDB-2021-002838" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": 
"NVD", "id": "CVE-2020-36183" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-371" } ] }, "id": "VAR-202101-1930", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381450" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:12:50.035000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "xalan-interpretive,\u00a0CVE-2020-36183)\u00a0#3003 NetAppNetApp\u00a0Advisory", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138966" }, { "title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36183" }, { "db": "JVNDB", "id": "JVNDB-2021-002838" }, { "db": "CNNVD", "id": "CNNVD-202101-371" } ] }, "problemtype_data": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381450" }, { "db": "JVNDB", "id": "JVNDB-2021-002838" }, { "db": "NVD", "id": "CVE-2020-36183" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "trust": 1.8, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/3003" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, 
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6455267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { 
"trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 
0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": 
"https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381450" }, { "db": "VULMON", "id": "CVE-2020-36183" }, { "db": "JVNDB", "id": "JVNDB-2021-002838" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36183" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-371" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381450" }, { "db": "VULMON", "id": "CVE-2020-36183" }, { "db": 
"JVNDB", "id": "JVNDB-2021-002838" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36183" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-371" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-07T00:00:00", "db": "VULHUB", "id": "VHN-381450" }, { "date": "2021-01-07T00:00:00", "db": "VULMON", "id": "CVE-2020-36183" }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002838" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-01-07T00:15:15.023000", "db": "NVD", "id": "CVE-2020-36183" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-371" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-02T00:00:00", "db": "VULHUB", "id": "VHN-381450" }, { "date": "2022-09-02T00:00:00", "db": "VULMON", "id": "CVE-2020-36183" }, { "date": "2021-10-06T01:05:00", "db": "JVNDB", "id": "JVNDB-2021-002838" }, { "date": "2023-09-13T14:56:58", "db": "NVD", "id": "CVE-2020-36183" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-371" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-371" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002838" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201907-0806">var-201907-0806</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. FasterXML jackson-databind contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides the data binding function. The SubTypeValidator.java file in versions earlier than FasterXML jackson-databind 2.9.9.2 has an input validation error vulnerability. An attacker could exploit this vulnerability to execute code. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat Data Grid 7.3.3 security update Advisory ID: RHSA-2020:0727-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:0727 Issue date: 2020-03-05 CVE Names: CVE-2018-14335 CVE-2019-3805 CVE-2019-3888 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518 CVE-2019-10173 CVE-2019-10174 CVE-2019-10184 CVE-2019-10212 CVE-2019-14379 ==================================================================== 1. Summary:</p> <p>An update for Red Hat Data Grid is now available. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. </p> <p>This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</p> </li> <li> <p>HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</p> </li> <li> <p>HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)</p> </li> <li> <p>HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)</p> </li> <li> <p>xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173)</p> </li> <li> <p>infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)</p> </li> <li> <p>jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)</p> </li> <li> <p>h2: Information Exposure due to insecure handling of permissions in the backup (CVE-2018-14335)</p> </li> <li> <p>wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)</p> </li> <li> <p>undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)</p> </li> <li> <p>undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212)</p> </li> <li> <p>undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.3 server patch from the customer portal. </li> <li>Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. </li> <li>Install the Data Grid 7.3.3 server patch. 
Refer to the 7.3 Release Notes for patching instructions. </li> <li> <p>Restart Data Grid to ensure the changes take effect. </p> </li> <li> <p>Bugs fixed (https://bugzilla.redhat.com/):</p> </li> </ol> <p>1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) 1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-14335 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3888 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/cve/CVE-2019-10173 
https://access.redhat.com/security/cve/CVE-2019-10174 https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-10212 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=patches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69 a5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ PaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe QJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t RMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD sG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym I+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT yyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX K5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v s//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva mS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9 S7B2VoNOQj4=zoia -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:</p> <p>Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. 
Solution:</p> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. </p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. JIRA issues fixed (https://issues.jboss.org/):</p> <p>KEYCLOAK-11455 - Tracker bug for the RH-SSO 7.3.4 release for RHEL7</p> <ol> <li> <p>Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> </li> <li> <p>Description:</p> </li> </ol> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). 
JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-16455 - <a href="7.2.z">GSS</a> Upgrade Infinispan from 9.3.6 to 9.3.7 JBEAP-16779 - <a href="7.2.z">GSS</a> Upgrade Hibernate ORM from 5.3.10 to 5.3.11 JBEAP-17045 - <a href="7.2.z">GSS</a> Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002 JBEAP-17062 - <a href="7.2.z">GSS</a> Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005 JBEAP-17073 - <a href="7.2.z">GSS</a> Upgrade jboss-ejb-client from 4.0.20 to 4.0.23 JBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001 JBEAP-17112 - <a href="7.2.z">GSS</a> Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1 JBEAP-17144 - Tracker bug for the EAP 7.2.4 release for RHEL-8 JBEAP-17162 - <a href="7.2.z">GSS</a> Upgrade jgroups from 4.0.19 to 4.0.20 JBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final JBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17223 - <a href="7.2.z">GSS</a> Upgrade WildFly Core from 6.0.15 to 6.0.16 JBEAP-17238 - <a href="7.2.z">GSS</a> Upgrade HAL from 3.0.13 to 3.0.16 JBEAP-17250 - <a href="7.2.z">GSS</a> Upgrade JBoss MSC from 1.4.5 to 1.4.8 JBEAP-17271 - <a href="7.2.z">GSS</a> Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001 JBEAP-17273 - <a href="7.2.z">GSS</a> Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001 JBEAP-17274 - <a href="7.2.z">GSS</a> Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001 JBEAP-17276 - <a href="7.2.z">GSS</a> Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001 JBEAP-17277 - <a href="7.2.z">GSS</a> Upgrade Undertow from 2.0.22 to 2.0.25.SP1 JBEAP-17278 - <a href="7.2.z">GSS</a> Upgrade JBoss Marshalling from 2.0.7 to 2.0.9 
JBEAP-17294 - <a href="7.2.z">GSS</a> Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002 JBEAP-17311 - <a href="7.2.z">GSS</a> Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001 JBEAP-17320 - <a href="7.2.z">GSS</a> Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004 JBEAP-17321 - <a href="7.2.z">GSS</a> Upgrade Narayana from 5.9.3.Final to 5.9.6.Final JBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final JBEAP-17527 - <a href="7.2.z">GSS</a> Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1</p> <p>7</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201907-0806" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201907-0806"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201907-0806">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": 
"https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0806", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jackson-databind", "scope": "lt", "trust": 1.8, "vendor": "fasterxml", "version": "2.9.9.2" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera gateway", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "retail customer management and segmentation foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.9.6" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.1" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "siebel ui framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.10" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications diameter signaling router", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "openshift container platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.1" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.4.1" }, { "model": "openshift container platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.11" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "single sign-on", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.3" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "30" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.3" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.5.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": 
"jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.11.4" }, { "model": "siebel engineering - installer \\\u0026 deployment", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.8" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "31" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.2" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.0" }, { "model": "goldengate stream analytics", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.9.2", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.9.6", 
"versionStartIncluding": "2.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.11.4", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6.7.3", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": 
"AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true 
}, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.10", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "19.1.0.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\\u0026_deployment:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.8", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-14379" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" }, { "db": "CNNVD", "id": "CNNVD-201907-1434" } ], "trust": 1.5 }, "cve": "CVE-2019-14379", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 
6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-14379", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-146319", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-14379", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": 
"None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-14379", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201907-1434", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-146319", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-14379", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-146319" }, { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "CNNVD", "id": "CNNVD-201907-1434" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. FasterXML jackson-databind Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. The SubTypeValidator.java file in versions earlier than FasterXML jackson-databind 2.9.9.2 has an input validation error vulnerability. An attacker could exploit this vulnerability to execute code. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Data Grid 7.3.3 security update\nAdvisory ID: RHSA-2020:0727-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0727\nIssue date: 2020-03-05\nCVE Names: CVE-2018-14335 CVE-2019-3805 CVE-2019-3888\n CVE-2019-9512 CVE-2019-9514 CVE-2019-9515\n CVE-2019-9518 CVE-2019-10173 CVE-2019-10174\n CVE-2019-10184 CVE-2019-10212 CVE-2019-14379\n====================================================================\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat\nData Grid 7.3.2 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. 
\n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\n* xstream: remote code execution due to insecure XML deserialization\n(regression of CVE-2013-7285) (CVE-2019-10173)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to\ninvoke private methods (CVE-2019-10174)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* h2: Information Exposure due to insecure handling of permissions in the\nbackup (CVE-2018-14335)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary\nprocesses by local users (CVE-2019-3805)\n\n* undertow: leak credentials to log files\nUndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* undertow: DEBUG log for io.undertow.request.security if enabled leaks\ncredentials to log files (CVE-2019-10212)\n\n* undertow: Information leak in requests for directories without trailing\nslashes (CVE-2019-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.3 server patch from the customer portal. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup\n1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)\n1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n\n5. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14335\nhttps://access.redhat.com/security/cve/CVE-2019-3805\nhttps://access.redhat.com/security/cve/CVE-2019-3888\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-9518\nhttps://access.redhat.com/security/cve/CVE-2019-10173\nhttps://access.redhat.com/security/cve/CVE-2019-10174\nhttps://access.redhat.com/security/cve/CVE-2019-10184\nhttps://access.redhat.com/security/cve/CVE-2019-10212\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=patches\u0026version=7.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69\na5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ\nPaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe\nQJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t\nRMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD\nsG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym\nI+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT\nyyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX\nK5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v\ns//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva\nmS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9\nS7B2VoNOQj4=zoia\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. \n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. 
JIRA issues fixed (https://issues.jboss.org/):\n\nKEYCLOAK-11455 - Tracker bug for the RH-SSO 7.3.4 release for RHEL7\n\n7. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-16455 - [GSS](7.2.z) Upgrade Infinispan from 9.3.6 to 9.3.7\nJBEAP-16779 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.10 to 5.3.11\nJBEAP-17045 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002\nJBEAP-17062 - [GSS](7.2.z) Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005\nJBEAP-17073 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.20 to 4.0.23\nJBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001\nJBEAP-17112 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1\nJBEAP-17144 - Tracker bug for the EAP 7.2.4 release for RHEL-8\nJBEAP-17162 - [GSS](7.2.z) Upgrade jgroups from 4.0.19 to 4.0.20\nJBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final\nJBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007\nJBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007\nJBEAP-17223 - [GSS](7.2.z) 
Upgrade WildFly Core from 6.0.15 to 6.0.16\nJBEAP-17238 - [GSS](7.2.z) Upgrade HAL from 3.0.13 to 3.0.16\nJBEAP-17250 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.5 to 1.4.8\nJBEAP-17271 - [GSS](7.2.z) Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001\nJBEAP-17273 - [GSS](7.2.z) Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001\nJBEAP-17274 - [GSS](7.2.z) Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001\nJBEAP-17276 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001\nJBEAP-17277 - [GSS](7.2.z) Upgrade Undertow from 2.0.22 to 2.0.25.SP1\nJBEAP-17278 - [GSS](7.2.z) Upgrade JBoss Marshalling from 2.0.7 to 2.0.9\nJBEAP-17294 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002\nJBEAP-17311 - [GSS](7.2.z) Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001\nJBEAP-17320 - [GSS](7.2.z) Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004\nJBEAP-17321 - [GSS](7.2.z) Upgrade Narayana from 5.9.3.Final to 5.9.6.Final\nJBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final\nJBEAP-17527 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1\n\n7", "sources": [ { "db": "NVD", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "VULHUB", "id": "VHN-146319" }, { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": 
"@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-14379", "trust": 3.5 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-007329", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "166313", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "154469", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201907-1434", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156628", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031501", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4754", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4370", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3481", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4323", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1076", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1440", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3074", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3836", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3643", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0381", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0832", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "155382", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "156941", "trust": 0.6 }, { "db": "NSFOCUS", "id": "45801", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-146319", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-14379", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154845", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155054", "trust": 0.1 }, 
{ "db": "PACKETSTORM", "id": "154686", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154844", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154793", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155051", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154665", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-146319" }, { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" }, { "db": "CNNVD", "id": "CNNVD-201907-1434" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "id": "VAR-201907-0806", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-146319" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:27:57.849000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Comparing changes", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { "title": "Block one more gadget type (ehcache, CVE-2019-14379) #2387", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2387" }, { "title": "FasterXML jackson-databind Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=95557" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 
0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192743 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.5.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193297 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.5.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193292 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: jackson-databind: CVE-2019-14361 CVE-2019-14379", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a0e42c604708bdf7d86284f91b76327e" }, { "title": "Red Hat: Important: Red Hat OpenShift Application Runtimes Vert.x 3.8.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193901 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 8", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193046 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192938 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193050 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193045 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single 
Sign-On 7.3.4 security update on RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193044 - security advisory" }, { "title": "Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.5.0 security \u0026 bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192998 - security advisory" }, { "title": "Red Hat: CVE-2019-14379", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-14379" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192937 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192936 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192935 - security advisory" }, { "title": "IBM: IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8e202227ddeed5e361f0c0e3dbbf0fe3" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200727 - security advisory" }, { "title": "IBM: IBM Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM C\u00faram Social Program Management (CVE-2019-14439, CVE-2019-14379, CVE-2019-12814, CVE-2019-12086)", "trust": 0.1, 
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7577d61736064271602a887577c2f766" }, { "title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200983 - security advisory" }, { "title": "Red Hat: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192858 - security advisory" }, { "title": "Red Hat: Important: OpenShift Container Platform logging-elasticsearch5-container security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193149 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-109" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a" }, { "title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2ec7385c474071281be069b54d841de6" }, { "title": "commons", "trust": 0.1, "url": "https://github.com/heike2718/commons " }, { "title": "Jackson-deserialization-PoC", "trust": 0.1, "url": "https://github.com/galimba/jackson-deserialization-poc " }, { "title": "cybsec", "trust": 0.1, "url": "https://github.com/ilmari666/cybsec " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "CNNVD", "id": "CNNVD-201907-1434" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1321", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 }, { "problemtype": "CWE-915", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-146319" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:2743" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:3045" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:3046" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 2.4, "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:2858" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3044" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3050" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3901" }, { "trust": 
2.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2936" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2937" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2998" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:3292" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:3297" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2020:0727" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht213189" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190814-0001/" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2022/mar/23" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2387" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhba-2019:2824" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2935" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2938" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:3149" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:3200" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3ccommits.tinkerpop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3ccommits.pulsar.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, 
"url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3cdev.struts.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3cissues.iceberg.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3ccommits.ambari.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3ccommits.ambari.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/" }, { 
"trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ukuale2tuckekohe2d342pqxn4mwcslc/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/" }, { "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3ccommits.ambari.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3ccommits.ambari.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e" }, { "trust": 0.8, "url": 
"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3cissues.iceberg.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3ccommits.pulsar.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3cdev.struts.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3ccommits.tinkerpop.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": 
"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3cdev.tomee.apache.org%3e" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14379" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2019-10184" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2019-12814" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1118283" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1086039" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1285282" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1072724" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3074/" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/155382/red-hat-security-advisory-2019-3901-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-android-mobile-sdk-compile-builder-includes-vulnerable-components/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4754/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4588/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-2/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht213189" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/154469/red-hat-security-advisory-2019-2743-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3643/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-subtypevalidator-30021" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1106763" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-2/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3481/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/45801" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0832/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4323/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3836/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4370/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0381/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031501" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1440/" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2019-16943-cve-2019-16942-cve-2019-17531-cve-2019-17267-cve-2019-14540-cve-2019-163/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.5, "url": "https://issues.jboss.org/):" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-12384" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10212" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-10212" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10202" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10202" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-3888" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-3888" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/1321.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=60520" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/galimba/jackson-deserialization-poc" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.5/html/release_notes_for_red_hat_process_automation_manager_7.5/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.5.0" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { 
"trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14335" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10173" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=patches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14335" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3868" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.thorntail\u0026version=2.5.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3868" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/release_notes_for_thorntail_2/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.5/html/release_notes_for_red_hat_decision_manager_7.5/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.5.0" } ], "sources": [ { "db": "VULHUB", "id": "VHN-146319" }, { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" }, { "db": 
"CNNVD", "id": "CNNVD-201907-1434" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-146319" }, { "db": "VULMON", "id": "CVE-2019-14379" }, { "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" }, { "db": "CNNVD", "id": "CNNVD-201907-1434" }, { "db": "NVD", "id": "CVE-2019-14379" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-29T00:00:00", "db": "VULHUB", "id": "VHN-146319" }, { "date": "2019-07-29T00:00:00", "db": "VULMON", "id": "CVE-2019-14379" }, { "date": "2019-08-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "date": "2019-10-14T23:03:33", "db": "PACKETSTORM", "id": "154845" }, { "date": "2019-11-01T17:01:40", "db": "PACKETSTORM", "id": "155054" }, { "date": "2019-09-30T16:22:22", "db": "PACKETSTORM", "id": "154686" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2020-03-05T14:41:17", "db": "PACKETSTORM", "id": "156628" }, { "date": "2019-10-14T20:33:33", "db": "PACKETSTORM", "id": "154844" }, { "date": "2019-10-10T14:44:58", "db": "PACKETSTORM", "id": "154793" }, { "date": "2019-11-01T17:00:00", "db": "PACKETSTORM", "id": "155051" }, { "date": "2019-09-30T19:22:22", "db": "PACKETSTORM", "id": "154665" }, { "date": "2019-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-1434" }, { "date": "2019-07-29T12:15:16.633000", "db": "NVD", "id": "CVE-2019-14379" } ] }, 
"sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-02T00:00:00", "db": "VULHUB", "id": "VHN-146319" }, { "date": "2022-12-02T00:00:00", "db": "VULMON", "id": "CVE-2019-14379" }, { "date": "2019-08-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007329" }, { "date": "2022-12-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-1434" }, { "date": "2023-11-07T03:04:54.240000", "db": "NVD", "id": "CVE-2019-14379" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201907-1434" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007329" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "154845" }, { "db": "PACKETSTORM", "id": "155054" }, { "db": "PACKETSTORM", "id": "154686" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "154844" }, { "db": "PACKETSTORM", "id": "154793" }, { "db": "PACKETSTORM", "id": "155051" }, { "db": "PACKETSTORM", "id": "154665" } ], "trust": 0.9 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202101-1946">var-202101-1946</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a 
href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. 
Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs.
References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202101-1946" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202101-1946"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202101-1946">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" },
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1946", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.2" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.4" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.1" }, { "model": "commerce 
platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.10.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "2.6.2" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.4" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { 
"model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "commerce 
platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "jd edwards enterpriseone tools", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.8.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": 
"jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015593" }, { "db": "NVD", "id": "CVE-2020-36189" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36189" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": 
"CNNVD-202101-329" } ], "trust": 0.8 }, "cve": "CVE-2020-36189", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36189", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", 
"exploitabilityScore": 8.6, "id": "VHN-381456", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-36189", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36189", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-329", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381456", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36189", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-381456" }, { "db": "VULMON", "id": "CVE-2020-36189" }, { "db": "JVNDB", "id": "JVNDB-2020-015593" }, { "db": "NVD", "id": "CVE-2020-36189" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-329" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. 
\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com
/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-36189" }, { "db": "JVNDB", "id": "JVNDB-2020-015593" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-381456" }, { "db": "VULMON", "id": "CVE-2020-36189" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36189", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015593", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012755", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-329", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381456", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36189", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381456" }, { "db": "VULMON", "id": "CVE-2020-36189" }, { "db": "JVNDB", "id": "JVNDB-2020-015593" }, { "db": "PACKETSTORM", "id": 
"162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36189" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-329" } ] }, "id": "VAR-202101-1946", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381456" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:52:46.706000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTAP-20210205-0005", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138935" }, { "title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36189" }, { "db": "JVNDB", "id": "JVNDB-2020-015593" }, { "db": 
"CNNVD", "id": "CNNVD-202101-329" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381456" }, { "db": "JVNDB", "id": "JVNDB-2020-015593" }, { "db": "NVD", "id": "CVE-2020-36189" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "trust": 1.8, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2996" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, 
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6455267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012755" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/al1ex/al1ex" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381456" }, { "db": "VULMON", "id": "CVE-2020-36189" }, { "db": "JVNDB", "id": "JVNDB-2020-015593" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36189" }, { "db": "CNNVD", 
"id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-329" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381456" }, { "db": "VULMON", "id": "CVE-2020-36189" }, { "db": "JVNDB", "id": "JVNDB-2020-015593" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36189" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-329" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-06T00:00:00", "db": "VULHUB", "id": "VHN-381456" }, { "date": "2021-01-06T00:00:00", "db": "VULMON", "id": "CVE-2020-36189" }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015593" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-01-06T23:15:13.280000", "db": "NVD", "id": "CVE-2020-36189" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-329" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-08T00:00:00", "db": "VULHUB", "id": "VHN-381456" }, { "date": "2022-09-08T00:00:00", "db": "VULMON", "id": "CVE-2020-36189" }, { "date": "2021-10-06T01:05:00", "db": "JVNDB", "id": "JVNDB-2020-015593" }, { "date": "2023-09-13T14:57:37.650000", "db": "NVD", "id": "CVE-2020-36189" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-329" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-329" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015593" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1776">var-202003-1776</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides data binding. A code issue vulnerability related to javax.swing.JEditorPane exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Applications are exposed when polymorphic typing (for example, default typing) is enabled for untrusted input; the fix is to update to 2.9.10.4 or later. 
Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat Satellite 6.8 for RHEL 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 
</p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. </p> <p>Security Fix(es):</p> <ul> <li>mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)</li> <li>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</li> <li>rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)</li> <li>puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)</li> <li>jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)</li> <li>foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)</li> <li>Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)</li> <li>Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)</li> <li>rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)</li> <li>rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)</li> <li>rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)</li> <li>rubygem-actionview: views that use the <code>j</code> or <code>escape_javascript</code> methods are susceptible to XSS attacks (CVE-2020-5267)</li> <li>puppet: Arbitrary catalog retrieval (CVE-2020-7942)</li> <li>rubygem-rack: directory traversal in Rack::Directory 
(CVE-2020-8161)</li> <li>rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)</li> <li>hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)</li> <li>puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)</li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Additional Changes:</p> <ul> <li> <p>Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment. </p> </li> <li> <p>Adds ability to install Satellite and Capsules and manage hosts in a IPv6 network environment</p> </li> <li> <p>Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution. </p> </li> <li> <p>Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet</p> </li> <li> <p>Support for HTTP UEFI provisioning</p> </li> <li> <p>Support for CAC card authentication with Keycloak integration</p> </li> <li> <p>Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling. </p> </li> <li> <p>Support for Red Hat Enterprise Linux Traces integration</p> </li> <li> <p>satellite-maintain & foreman-maintain are now self updating</p> </li> <li> <p>Notifications in the UI to warn users when subscriptions are expiring. </p> </li> </ul> <p>The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. 
</p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. </p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1160344 - [RFE] Satellite support for cname as alternate cname for satellite server 1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems 1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy 1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt 1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS 1410616 - [RFE] Prominent notification of expiring subscriptions. 1410916 - Should only be able to add repositories you have access to 1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3 1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. 1469267 - need updated rubygem-rake 1486446 - Content view versions list has slow query for package count 1486696 - 'hammer host update' removes existing host parameters 1494180 - Sorting by network address for subnet doesn't work properly 1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost 1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled" 1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101" 1531674 - Operating System Templates are ordered inconsistently in UI. 1537320 - [RFE] Support for Capsules at 1 version lower than Satellite 1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! 
NoMethodError: undefined method <code>first' for nil:NilClass" when there are custom bookmarks created 1563270 - Sync status information is lost after cleaning up old tasks related to sync. 1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384') 1571907 - Passenger threads throwing tracebacks on API jobs after spawning 1576859 - [RFE] Implement automatic assigning subnets through data provided by facter 1584184 - [RFE] The locked template is getting overridden by default 1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box 1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template 1608001 - Rearrange search/filter options on Red Hat Repositories page. 1613391 - race condition on removing multiple organizations simultaneously 1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot 1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version 1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui 1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization 1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host 1627066 - Unable to revert to the original version of the provisioning template 1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules 1630536 - yum repos password stored as cleartext 1632577 - Audit log show 'missing' for adding/removing repository to a CV 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1645062 - host_collection controller responds with 200 instead of 201 to a POST request 1645749 - repositories controller responds with 200 instead of 201 to a POST request 
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build 1647364 - [RFE] Extend the audits by the http request id 1647781 - Audits contain no data (Added foo to Missing(ID: x)) 1651297 - Very slow query when using facts on user roles as filters 1653217 - [RFE] More evocative name for Play Ansible Roles option? 1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks 1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role, 1659418 - katello-tracer-upload failing with error "ImportError: No module named katello" 1665277 - subscription manager register activation key with special character failed 1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal 1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output. 1677907 - Ansible API endpoints return 404 1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams 1680458 - Locked Report Templates are getting removed. 
1680567 - Reporting Engine API to list report template per organization/location returns 404 error 1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite 1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow 1687116 - kernel version checks should not use /lib/modules to determine running version 1688886 - subscription-manager not attaching the right quantity per the cpu core 1691416 - Delays when many clients upload tracer data simultaneously 1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself 1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions 1705097 - An empty report file doesn't show any headers 1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service 1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed 1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
1715999 - Use Infoblox API for DNS conflict check and not system resolver 1716423 - Nonexistent quota can be set 1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page 1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array 1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally 1719509 - [RFE] "hammer host list" including erratas information 1719516 - [RFE] "hammer host-collection hosts" including erratas information 1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition 1721419 - SSH key cannot be added when FIPS enabled 1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example) 1723313 - foreman_tasks:cleanup description contain inconsistent information 1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start" 1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS 1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name 1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear 1730083 - [RFE] Add Jobs button to host detail page 1731155 - Cloud init template missing snippet compared to Kickstart default user data 1731229 - podman search against Red Hat Satellite 6 fails. 
1731235 - [RFE] Create Report Template to list inactive hosts 1733241 - [RFE] hammer does not inherit parent location information 1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN 1736809 - undefined method</code>split' for nil:NilClass when viewing the host info with hammer 1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. 1737564 - [RFE] Support custom images on Azure 1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. 1740943 - Increasing Ansible verbosity level does not increase the verbosity of output 1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. 1743776 - Error while deleting the content view version. 1745516 - Multiple duplicate index entries are present in candlepin database 1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
1749692 - Default Rhel8 scap content does not get populated on the Satellite 1749916 - [RFE] Satellite should support certificates with > 2048 Key size 1751981 - Parent object properties are not propagated to Child objects in Location and Host Group 1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command 1753551 - Traces output from Satellite GUI has mismatches with client tracer output 1756991 - 2 inputs with same name -> uninitialized constant #<Class:0x000000000b894c38>::NonUniqueInputsError 1757317 - [RFE] Dynflow workers extraction 1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API 1759160 - Rake task for cleaning up DHCP records on proxy 1761872 - Disabled buttons are still working 1763178 - [RFE] Unnecessary call to userhelp and therefore log entries 1763816 - [RFE] Report which users access the API 1766613 - Fact search bar broken and resets to only searching hostname 1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting 1767497 - Compute Resource filter does not correctly allow Refresh Cache 1767635 - [RFE] Enable Organization and Location to be entered not just selected 1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value 1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]' for nil:NilClass 1771367 - undefined method `request_uri' when Openidc Provider Token Endpoint is none 1771428 - Openscap documentation link on Satellite 6 webui is broke 1771484 - Client side documentation links are not branded 1771693 - 'Deployed on' parameter is not listed in API output 1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order 1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again 1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt 1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare 1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically 1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines) 1778503 - Prepended text on OS name creation 1778681 - Some pages are missing title in html head 1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly 1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages" 1782426 - Viewing errata from a repository returns incorrect unfiltered results 1783568 - [RFE] - Bulk Tracer Remediation 1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!" 
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log 1784341 - disable CertificateRevocationListTask job in candlepin.conf by default 1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file 1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. 1785624 - [UI] Importing templates with associate 'never' is not resulting as expected 1785683 - Does not load datacenter when multiple compute resources are created for same VCenter 1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method <code>[]' for nil:NilClass" 1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date 1787329 - change filename in initrd live CPIO archive to fdi.iso 1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL 1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI 1789006 - Smart proxy dynflow core listens on 0.0.0.0 1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id 1789434 - Template editor not always allows refreshing of the preview pane 1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely 1789686 - Non-admin user with enough permissions can't generate report of applicable errata 1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6 1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table. 
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs 1791654 - drop config_templates api endpoints and parameters 1791656 - drop deprecated host status endpoint 1791658 - drop reports api endpoint 1791659 - Remove</code>use_puppet_default<code>api params 1791663 - remove deprecated permissions api parameters 1791665 - drop deprecated compute resource uuid parameter 1792131 - [UI] Could not specify organization/location for users that come from keycloak 1792135 - Not able to login again if session expired from keycloak 1792174 - [RFE] Subscription report template 1792304 - When generating custom report, leave output format field empty 1792378 - [RFE] Long role names are cut off in the roles UI 1793951 - [RFE] Display request UUID on audits page 1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists 1794346 - Change the label for the flashing eye icon during user impersonation 1794641 - Sync status page's content are not being displayed properly. 1795809 - HTML tags visible on paused task page 1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled 1796205 - iso upload: correctly check if upload directory exists 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1796259 - loading subscriptions page is very slow 1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode 1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout 1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server 1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. 
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host 1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input 1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input 1802529 - Repository sync in tasks page shows percentage in 17 decimal points 1802631 - Importing Ansible variables yields NoMethodError: undefined method</code>map' for nil:NilClass (initialize_variables) [variables_importer.rb] 1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none 1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page. 1804651 - Missing information about "Create Capsule" via webUI 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7 1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error 1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks 1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method <code>mtu' 1807042 - [RFE] Support additional disks for VM on Azure Compute Resource 1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. 
1807829 - Generated inventory file doesn't exist 1807946 - Multiple duplicate index entries are present in foreman database 1808843 - Satellite lists unrelated RHV storage domains using v4 API 1810250 - Unable to delete repository - Content with ID could not be found 1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd 1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection 1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead 1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units 1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification 1812904 - 'Hypervisors' task fails with 'undefined method</code>[]' for nil:NilClass' error 1813005 - Prevent --tuning option to be applied in Capsule servers 1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker) 1814095 - Applicable errata not showing up for module stream errata 1815104 - Locked provisioning template should not be allowed to add audit comment 1815135 - hammer does not support description for custom repositories 1815146 - Backslash escapes when downloading a JSON-formatted report multiple times 1815608 - Content Hosts has Access to Content View from Different Organization 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1816699 - Satellite Receptor Installer role can miss accounts under certain conditions 1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval 1816853 - Report generated by Red Hat Inventory Uploads is empty. 
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. 1817224 - Loading one org's content view when switching to a different org 1817481 - Plugin does not set page <title> 1817728 - Default task polling is too frequent at scale 1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. 1818062 - Deprecated message about katello agent being shown on content host registration page 1818816 - Web console should open in a new tab/window 1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.<em>.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1820193 - Deleted Global Http Proxy is still being used during repository sync. 1820245 - reports in JSON format can't handle unicode characters 1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512 1821335 - Inventory plugin captures information for systems with any entitlement 1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration. 1821629 - Eager zero seems to do nothing 1821651 - Manifest import task progress remains at 0. 1821752 - New version of the plugin is available: 1.0.5 1822039 - Get HTTP error when deploying the virt-who configure plugin 1822560 - Unable to sync large openshift docker repos 1823905 - Update distributor version to sat-6.7 1823991 - [RFE] Add a more performant way to sort reports 1824183 - Virtual host get counted as physical hosts on cloud.redhat.com 1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank" 1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue. 
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy 1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error 1826298 - even when I cancel ReX job, remediation still shows it as running 1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images 1826515 - [RFE] Consume Candlepin events via STOMP 1826625 - Improve performance of externalNodes 1826678 - New version of the plugin is available: 2.0.6 1826734 - Tasks uses wrong controller name for bookmarks 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories 1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)" 1828257 - Receptor init file missing [Install] section, receptor service won't run after restart 1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API 1828549 - Manifest Certificate Exposed by Unprivileged User 1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined' 1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default 1828868 - Add keep alive option in Receptor node 1829487 - Ansible verbosity level does not work 1829766 - undefined method <code>tr' for nil:NilClass when trying to get a new DHCP lease from infoblox 1830253 - Default job templates are not locked 1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time 1830834 - Unable to update default value of a smart class parameter (Sql query error). 
1830860 - Refactor loading regions based on subscription dynamically 1830882 - Red Hat Satellite brand icon is missing 1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo 1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks 1833031 - Improve RH account ID fetching in cloud connector playbook 1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished) 1833039 - Introduce error code to playbook_run_finished response type 1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option. 1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do 1834377 - Disable mongo FTDC 1834866 - Missing macro for "registered_at" host subscription facet 1834898 - Login Page background got centralized and cropped 1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet 1835241 - Some applicability of the consumers are not recalculated after syncing a repository 1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting 1836155 - Support follow on rails, travis and i18n work for AzureRm plugin 1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman.
1836774 - Some foreman services failed to start (pulp_streamer) 1836845 - "Generate at" in report template should be current date 1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue 1838160 - 'Registered hosts' report does not list kernel release for rhsm clients 1838191 - Arrow position is on left rather in the middle under "Start Time" 1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory 1838917 - Repositories are not showing their available Release versions due to a low default db pool size 1838963 - Hypervisors from Satellite, never makes their way to HBI 1838965 - Product name link is not working on the activation keys "Repository Sets" tab. 1839025 - Configure Cloud Connector relies on information which is no longer provided by the API 1839649 - satellite-installer --reset returns a traceback 1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds 1839779 - undefined local variable or method `implicit_order_column' for #<ActiveRecord::Associations::CollectionProxy> on GET request to /discovery_rules endpoint 1839966 - New version of the plugin is available: 2.0.7 1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . 1840191 - Validate parameters passed by receptor to the receptor-satellite plugin 1840218 - ArgumentError: wrong number of arguments 1840525 - Content host list doesn't update after the successful deletion of content host. 1840635 - Proxy has failed to load one or more features (Realm) 1840723 - Selected scenario is DISABLED, can not continue 1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed" 1841098 - Failed to resolve package dependency while doing satellite upgrade.
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned 1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist." 1841818 - icons missing on /pub download page 1842900 - ERROR! the role 'satellite-receptor' was not found in ... 1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/ 1843406 - In 6.8, Receptor installation playbook's inputs are visible again 1843561 - Report templates duplicated 1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #<Safemode::ScopeObject>" 1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8 1843926 - satellite-change-hostname fails when running nsupdate 1844142 - [RFE] Drop a subsription-manager fact with the satellite version 1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP 1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2 1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]' for nil:NilClass 1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1846254 - need to restart services after enabling leapp plugin 1846313 - Add index on locks for resource type and task id 1846317 - undefined method `klass' for nil:NilClass 1846421 - build pxe default do not work when more than 1 provider 1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8 1847019 - Empty applicability for non-modular repos 1847063 - Slow manifest import and/or refresh 1847407 - load_pools macro not in list of macros 1847645 - Allow override of Katello's DISTRIBUTOR_VERSION 1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details.
1847840 - Libvirt note link leads to 404 1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. 1848291 - Download kernel/initram for kexec asynchronously 1848535 - Unable to create a pure IPv6 host 1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8) 1848902 - ERF42-0258 [Foreman::Exception]: <uuid> is not valid, enter id or name 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms 1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule 1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names 1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead. 1849680 - Task progress decimal precision discrepancy between UI, CLI, and API 1849869 - Unable to recycle the dynflow executor 1850355 - Auth Source Role Filters are not working in Satellite 6.8 1850536 - Can't add RHEV with APIv3 through Hammer 1850914 - Checksum type "sha256" is not available for all units in the repository. 
Make sure those units have been downloaded 1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)" 1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates 1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9 1851167 - Autoattach -> "undefined" subscription added 1851176 - Subscriptions do not provide any repository sets 1851952 - "candlepin_events FAIL Not running" and wont restart 1852371 - Allow http proxy ports by default 1852723 - Broken link for documentation on installation media page 1852733 - Inventory upload documentation redirects to default location 1852735 - New version of the plugin is available: 2.0.8 1853076 - large capsule syncs cause slow processing of dynflow tasks/steps 1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided" 1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7 1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh 1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views 1853572 - Broken documentation link for 'RHV' in Compute Resource 1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode. 1854397 - Compliance reports are not being uploaded to satellite. 1854530 - PG::NotNullViolation when syncing hosts from cloud 1855008 - Host parameters are set after the host is created. 1855254 - Links to documentation broken in HTTP Proxies setup 1855348 - katello_applicability accidentally set to true at install 1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME' 1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. 
1856379 - Add missing VM creation tests 1856401 - [RFE] Add module to create HTTP Proxy 1856831 - New version of the plugin is available: 2.0.9 1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host 1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500 1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos 1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos 1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method `default_capsule' for Katello:Module" 1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError 1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. 1857726 - Warnings are shown during the satellite package installation on RHEL 7.9 1858237 - Upgraded Satellite has duplicated katello_pools indexes 1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user 1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite 1858855 - Creating compute resources on IPV6 network does not fail gracefully 1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf 1859194 - load_hosts macro duplicated in a list of macros 1859276 - Need to update the deprecation warning message on Statistics and Trends page.
1859705 - Tomcat is not running on fresh Capsule installation 1859929 - User can perform other manifest actions while the first one starts 1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass' 1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed 1860422 - Host with remediations can't be removed 1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'... 1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service 1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error. 1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8 1860587 - Documentation link in Administer -> About pointing to 6.6 document. 1860835 - Installed Packages not displayed on About page 1860957 - Unable to select an organization for sync management 1861367 - Import Template sync never completes 1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required 1861422 - Error encountered while handling the response, replying with an error message ('plugin_config') 1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. 1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request 1861766 - Add ability to list traces by host with hammer 1861807 - Cancel/Abort button should be disabled once REX job is finish 1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer 1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
1861890 - Recommended repos do not match Satellite version 1861970 - Content -> Product doesn't work when no organization is selected 1862135 - updating hosts policy using bulk action fails with sql error 1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. 1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6 1865871 - Obfuscated hosts do not have domain reported 1865872 - Templates doc - examples on onepage.html are not processed 1865874 - Add inventory status to host 1865876 - Make recommendations count in hosts index a link 1865879 - Add automatic scheduler for insights sync 1865880 - Add an explanation how to enable insights sync 1865928 - Templates documentation help page has hard-coded Satellite setting value 1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently 1866029 - Templates DSL documentation: Parts of description are put in <pre> tag 1866436 - host search filter does not work in job invocation page 1866461 - Run action is missing in job templates page 1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page 1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer 1866710 - Wrong API endpoint path referenced for resolving host traces 1867239 - hammer content-view version incremental-update fails with ISE 1867287 - Error Row was updated or deleted by another transaction when deleting docker repository 1867311 - Upgrade fails when checkpoint_segments postgres parameter configured 1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite 1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank" 1868183 - Unable to change virt-who hypervisor location. 
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf 1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation. 1869812 - Tasks fail to complete under load 1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow 1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found) 1871434 - theme css ".container" class rule is too generic 1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. 1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout 1871978 - Bug in provisioning_template Module 1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console" 1872041 - Host search returns incorrect result 1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result 1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover 1874143 - Red Hat Inventory Uploads does not use proxy 1874160 - Changing Content View of a Content Host needs to better inform the user around client needs 1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file 1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts) 1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow 1874176 - Unable to search by value of certain Hostgroup parameter 1874422 - Hits Sync uses only old proxy setting 1874619 - Hostgroup tag is never reported in slice 1875357 - After upgrade server response check failed for candlepin. 
1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url` 1875660 - Reporting Template macros host_cores is not working as expected 1875667 - Audit page list incorrect search filter 1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only 1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding 1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries 1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv 1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv 1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv 1878194 - In Capsule upgrade, "yum update" dump some error messages. 1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled 1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections 1878850 - creating host from hg doesn't resolves the user-data template 1879151 - Remote execution status not updating with large number of hosts 1879448 - Add hits details to host details page 1879451 - Stop uploading if Satellite's setting is disconnected 1879453 - Add plugin version to report metadata 1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP 1880637 - [6.8] satellite-installer always runs upgrade steps 1881066 - Safemode doesn't allow to access 'host_cores' on #<Safemode::ScopeObject> 1881078 - Use Passenger instead of Puma as the Foreman application server 1881988 - [RFE] IPv6 support for Satellite 6.8 1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}'' 1882389 - Search query in
template for LEAPP upgrade should be pre-filled when running from pre-upgrade results 1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)" 1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available" 1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals 1887489 - Insights rules can't be loaded on freshly installed Satellite system 1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Satellite Capsule 6.8:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm 
pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm 
rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm 
tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm 
foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm 
python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm 
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm 
pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm 
tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>Red Hat Satellite 6.7:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm 
puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm 
python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm 
tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm 
tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm 
tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm 
tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm 
tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm 
tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm 
katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm 
python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm 
rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm 
tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm 
tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm 
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm 
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm 
libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm 
python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm 
tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes</p> <ol> <li>Solution:</li> </ol> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.7 server patch from the customer portal. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender</p> <ol> <li>The purpose of this text-only errata is to inform you about the security issues fixed in this release. </li> </ol> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime</p> <p>6</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1776" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202003-1776"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1776">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": 
"https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1776", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 
1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail xstore 
point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.11.6" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.9.7" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": 
"communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": 
"financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.11.6", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.9.7", "versionStartIncluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10969" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": 
"PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" } ], "trust": 1.3 }, "cve": "CVE-2020-10969", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003491", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163500", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-10969", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003491", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10969", "trust": 1.0, "value": "HIGH" }, { "author": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-10969", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-003491", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202003-1627", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163500", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-10969", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163500" }, { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "db": "NVD", "id": "CVE-2020-10969" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted, leaving the system in a denial-of-service (DoS) state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A code issue vulnerability related to javax.swing.JEditorPane exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. 
It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. 
\n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to 
the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. 
\n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http 
request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. 
\n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
\n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. 
\n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
\n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
\n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 
\n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t 
generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. 
\n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. 
\n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should 
not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. 
\n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. 
\n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). 
\n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
\n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. 
\n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s 
DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. 
Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. 
\n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
\n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
\n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. 
\n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After 
upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. 
\n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. 
Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\
npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.s
rc.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dh
cp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\np
ulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.n
oarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7s
at.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sa
t.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridf
s-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1
.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.
0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql
12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0
.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\nt
fm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_c
li_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntf
m-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sa
t.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat
.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-col
lection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarc
h.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npytho
n2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7s
at.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7s
at.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\nt
fm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.r
pm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_az
ure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer
-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_prox
y_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\n
livecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-de
vel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg
-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - 
CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 7) - noarch\n\n3. 
Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "VULHUB", "id": "VHN-163500" }, { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10969", "trust": 3.3 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-003491", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-1627", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157859", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157322", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1399", 
"trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1368", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1882", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48375", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2020-24034", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163500", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-10969", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163500" }, { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "id": "VAR-202003-1776", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163500" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:54:00.141000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block one more gadget type (javax.swing, CVE-2020-10969) #2642", "trust": 0.8, "url": 
"https://github.com/fasterxml/jackson-databind/issues/2642" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115311" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201523 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security 
advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2ec7385c474071281be069b54d841de6" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163500" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 
2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2642" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10969" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 
0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-jeditorpane-serialization-gadgets-typing-32062" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.1882/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48375" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1399/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.4, 
"url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:1523" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, 
{ "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4366" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7663" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3258" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-8184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5216" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2333" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1732" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163500" }, { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163500" }, { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-26T00:00:00", "db": "VULHUB", "id": "VHN-163500" }, { "date": "2020-03-26T00:00:00", "db": "VULMON", "id": "CVE-2020-10969" }, { "date": "2020-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-10-27T16:58:42", "db": "PACKETSTORM", "id": "159724" }, { "date": "2020-05-28T16:22:46", 
"db": "PACKETSTORM", "id": "157859" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-09-17T14:07:40", "db": "PACKETSTORM", "id": "159208" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-04-21T14:19:58", "db": "PACKETSTORM", "id": "157322" }, { "date": "2020-03-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "date": "2020-03-26T13:15:13.077000", "db": "NVD", "id": "CVE-2020-10969" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-07T00:00:00", "db": "VULHUB", "id": "VHN-163500" }, { "date": "2021-12-07T00:00:00", "db": "VULMON", "id": "CVE-2020-10969" }, { "date": "2020-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "date": "2024-07-03T01:36:09.833000", "db": "NVD", "id": "CVE-2020-10969" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159724" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003491" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1627" } ], "trust": 0.6 } }</pre> </div> </div> 
</div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202101-1938">var-202101-1938</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. This class of gadget issue is reachable only when polymorphic type handling is enabled for untrusted JSON and the named class is on the application's classpath. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; follow CNNVD or manufacturer announcements for updates. FasterXML jackson-databind is a Java-based library that converts data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. 
See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 
References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202101-1938" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202101-1938"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202101-1938">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1938", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, 
{ "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.3" 
}, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter signaling route", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications diameter signaling route", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, 
"vendor": "oracle", "version": "8.2.0.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": 
"oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015588" }, { "db": "NVD", "id": "CVE-2020-36184" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", 
"versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36184" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202101-344" } ], "trust": 0.8 }, "cve": "CVE-2020-36184", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36184", 
"impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381451", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-36184", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36184", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-344", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381451", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36184", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { 
"db": "VULHUB", "id": "VHN-381451" }, { "db": "VULMON", "id": "CVE-2020-36184" }, { "db": "JVNDB", "id": "JVNDB-2020-015588" }, { "db": "NVD", "id": "CVE-2020-36184" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-344" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. 
See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-36184" }, { "db": "JVNDB", "id": "JVNDB-2020-015588" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-381451" }, { "db": "VULMON", "id": "CVE-2020-36184" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36184", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015588", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-344", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381451", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36184", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381451" }, { "db": "VULMON", "id": "CVE-2020-36184" }, { "db": "JVNDB", "id": "JVNDB-2020-015588" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": 
"NVD", "id": "CVE-2020-36184" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-344" } ] }, "id": "VAR-202101-1938", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381451" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:54:57.208000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTAP-20210205-0005", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138948" }, { "title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " }, { "title": "PoC", "trust": 0.1, "url": "https://github.com/jonathan-elias/poc " }, { "title": "PoC-in-GitHub", "trust": 0.1, "url": 
"https://github.com/developer3000s/poc-in-github " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36184" }, { "db": "JVNDB", "id": "JVNDB-2020-015588" }, { "db": "CNNVD", "id": "CNNVD-202101-344" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381451" }, { "db": "JVNDB", "id": "JVNDB-2020-015588" }, { "db": "NVD", "id": "CVE-2020-36184" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "trust": 1.8, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2998" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.7, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6455267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/al1ex/al1ex" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381451" }, { "db": "VULMON", "id": "CVE-2020-36184" }, { "db": "JVNDB", "id": 
"JVNDB-2020-015588" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36184" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-344" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381451" }, { "db": "VULMON", "id": "CVE-2020-36184" }, { "db": "JVNDB", "id": "JVNDB-2020-015588" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36184" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-344" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-06T00:00:00", "db": "VULHUB", "id": "VHN-381451" }, { "date": "2021-01-06T00:00:00", "db": "VULMON", "id": "CVE-2020-36184" }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015588" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-01-06T23:15:13.017000", "db": "NVD", "id": "CVE-2020-36184" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-344" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-02T00:00:00", "db": "VULHUB", "id": "VHN-381451" }, { "date": "2022-09-02T00:00:00", "db": "VULMON", "id": "CVE-2020-36184" }, { "date": "2021-10-06T01:05:00", "db": "JVNDB", "id": "JVNDB-2020-015588" }, { "date": "2023-09-13T14:57:10.147000", "db": "NVD", "id": "CVE-2020-36184" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { 
"date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-344" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-344" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015588" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1782">var-202003-1782</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides the data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. 
An attacker could exploit this vulnerability to execute arbitrary code with a specially crafted request. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update Advisory ID: RHSA-2020:2511-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:2511 Issue date: 2020-06-10 CVE Names: CVE-2018-14371 CVE-2019-0205 CVE-2019-0210 CVE-2019-10172 CVE-2019-12423 CVE-2019-14887 CVE-2019-17573 CVE-2020-1695 CVE-2020-1729 CVE-2020-1745 CVE-2020-1757 CVE-2020-6950 CVE-2020-7226 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10688 CVE-2020-10719 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch</p> <ol> <li>Description:</li> </ol> <p>Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. </p> <p>This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. </p> <p>Security Fix(es):</p> <ul> <li> <p>cxf: reflected XSS in the services listing page (CVE-2019-17573)</p> </li> <li> <p>cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)</p> </li> <li> <p>jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)</p> </li> <li> <p>jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)</p> </li> <li> <p>cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)</p> </li> <li> <p>smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)</p> </li> <li> <p>resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)</p> </li> <li> <p>jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)</p> </li> <li> <p>undertow: invalid HTTP request with large chunk size (CVE-2020-10719)</p> </li> <li> <p>jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)</p> </li> <li> <p>jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)</p> </li> <li> <p>jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)</p> </li> <li> <p>undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)</p> </li> <li> <p>libthrift: thrift: Endless loop when feed 
with specific input data (CVE-2019-0205)</p> </li> <li> <p>libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li> <li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)</p> </li> <li> <p>jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, ensure all previously released errata relevant to your system have been applied. </p> <p>For details about how to apply this update, see:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - 
CVE-2019-17573 cxf: reflected XSS in the services listing page 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final JBEAP-18060 - <a href="7.3.z">GSS</a> Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001 JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001 JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012 JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final JBEAP-18277 - <a href="7.3.z">GSS</a> Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001 JBEAP-18288 - <a href="7.3.z">GSS</a> Upgrade FasterXML from 2.10.0 to 2.10.3 JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10 JBEAP-18302 - <a 
href="7.3.z">GSS</a> Upgrade wildfly-http-client from 1.0.18 to 1.0.20 JBEAP-18315 - <a href="7.3.z">GSS</a> Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010 JBEAP-18346 - <a href="7.3.z">GSS</a> Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002 JBEAP-18352 - <a href="7.3.z">GSS</a> Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001 JBEAP-18361 - <a href="7.3.z">GSS</a> Upgrade Woodstox from 5.0.3 to 6.0.3 JBEAP-18367 - <a href="7.3.z">GSS</a> Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18393 - <a href="7.3.z">GSS</a> Update $JBOSS_HOME/docs/schema to show https schema URL instead of http JBEAP-18397 - Tracker bug for the EAP 7.3.1 release for RHEL-6 JBEAP-18409 - <a href="7.3.z">GSS</a> Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001 JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001 JBEAP-18596 - <a href="7.3.z">GSS</a> Upgrade JBoss Modules from 1.9.1 to 1.10.0 JBEAP-18598 - <a href="7.3.z">GSS</a> Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002 JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001 JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001 JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001 JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001 JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001 JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001 JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006 JBEAP-18836 - <a href="7.3.z">GSS</a> Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-18850 - (7.3.z) Upgrade 
smallrye-config from 1.4.1 to 1.6.2 JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002 JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0 JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2 JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3 JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3 JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4 JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001 JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002 JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1 JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004 JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001 JBEAP-19117 - <a href="7.3.z">GSS</a> Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19133 - <a href="7.3.z">GSS</a> Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001 JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001 JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001 JBEAP-19192 - (7.3.z) Update the Japanese translations JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001 JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001 JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final</p> <ol> <li>Package List:</li> </ol> <p>Red Hat JBoss EAP 7.3 for RHEL 6 Server:</p> <p>Source: eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.src.rpm eap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.src.rpm eap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.src.rpm eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.src.rpm 
eap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.src.rpm eap7-elytron-web-1.6.1-1.Final_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-core-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-jaxrs-providers-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.src.rpm eap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.src.rpm eap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.src.rpm eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.src.rpm eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.src.rpm eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el6eap.src.rpm eap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.src.rpm eap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.src.rpm eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.src.rpm eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.src.rpm 
eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.src.rpm eap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.src.rpm eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.src.rpm eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.src.rpm eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.src.rpm eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.src.rpm eap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.src.rpm eap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.src.rpm eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.src.rpm eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.src.rpm eap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.src.rpm eap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.src.rpm eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.src.rpm eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.src.rpm eap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.src.rpm eap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.src.rpm</p> <p>noarch: eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm 
eap7-activemq-artemis-jms-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-rt-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-services-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-tools-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm eap7-bouncycastle-mail-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm eap7-bouncycastle-pkix-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm eap7-bouncycastle-prov-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-core-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-jaxrs-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-mapper-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-xc-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codemodel-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm 
eap7-hibernate-envers-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-istack-commons-runtime-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm eap7-istack-commons-tools-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-core-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm 
eap7-jackson-jaxrs-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-core-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-thrift-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.noarch.rpm eap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaxb-jxc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-jaxb-runtime-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-jaxb-xjc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm 
eap7-jboss-server-migration-eap7.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-spi-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.noarch.rpm eap7-microprofile-config-api-1.4.0-1.redhat_00003.1.el6eap.noarch.rpm eap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-metrics-api-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm 
eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-opentracing-api-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-microprofile-rest-client-api-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-core-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-profile-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-security-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-security-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-soap-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xacml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xacml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xacml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xacml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xmlsec-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xmlsec-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm eap7-picketbox-infinispan-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm eap7-relaxng-datatype-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-atom-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-cdi-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-client-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-client-microprofile-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-crypto-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm 
eap7-resteasy-jackson-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jackson2-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jaxb-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jaxrs-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jettison-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jose-jwt-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jsapi-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-json-binding-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-json-p-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-multipart-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-rxjava2-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-spring-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-validator-provider-11-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-yaml-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-rngom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.noarch.rpm eap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.noarch.rpm eap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.noarch.rpm eap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.noarch.rpm eap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm eap7-txw2-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.6.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-core-impl-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm 
eap7-weld-core-jsf-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-ejb-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-jta-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-probe-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-web-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-bindings-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-policy-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-common-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-dom-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-policy-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-xsom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-14371 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-14887 https://access.redhat.com/security/cve/CVE-2019-17573 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1729 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10688 https://access.redhat.com/security/cve/CVE-2020-10719 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXuEwDdzjgjWX9erEAQj5vA//da7dJ0mPXDfnjDddloLp4GhZFSzpMf+8 XOA1pa8mFiDSXeJd4LoO3jDTPQnOsvnLX/4WoMFK227o+mKMWo74ArjeEg9EosT3 YaqI77IMexUuVjBHnvKygiB8ZYCXLS3PXiC/Ods5I5Xt07uxvsu9bl328RSX2TQR fhD/EAbc8vopMD10off7iXSgNh320EW/2GJKhJDoXhdvkZyifc5gu9/SaDq1JH1Q ol8FyVhdJCiDu1cqw/LBMT1J8BSJuJI+y9b7eqyQ4oZOIhpJ5BsMgcJmmLMjgnBA X1b1CtCJy9KbhNgLIqC+og37Bce2MDfAames/HC6wyZyryeChzhVYxhOw25YUk+W hBTOfQN273TIEp/Nom/SNYKrG2D9a3ki+7AeGOHRDQbfhBXeogYHftIT+h7sErAe EfkGoAE+pGeQiNXLDkSx6eZodxednpK4S8LoysUpkCAyl1Zfd2TjbVGyZNIcOEtO kCNtJ0giM7ZccXLnA+aC/X6M0c27pd8sl2eIgkBaLymEoEYW+BgdxSE5HD5hhC/p P6WT3nq8R5k0xmRXGXOEK2ireHIjQAfhADmv50YJv4wkbfbXADl1AImiLprgnrGI y2sYyVzXGC4APQZJCgUG61wZkRp8QDtnjAdfJujSzuxg3KpE/x1MQJqlnibKflUN uvhlMQF+ipU=W6+1 -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . </p> <p>The References section of this erratum contains a download link (you must log in to download the update). 
</p> <p>The JBoss server process must be restarted for the update to take effect</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1782" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202003-1782"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1782">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1782", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" 
}, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.11.6" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": 
"fasterxml", "version": "2.7.9.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications 
contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "ops center analyzer viewpoint", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.11.6", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.9.7", 
"versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9548" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" } ], "trust": 1.4 }, "cve": "CVE-2020-9548", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-002437", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-187673", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-9548", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", 
"attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-002437", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-9548", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-002437", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202003-040", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-187673", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-9548", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides data binding. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. 
An attacker could exploit this vulnerability to execute arbitrary code with a specially crafted request. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update\nAdvisory ID: RHSA-2020:2511-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2511\nIssue date: 2020-06-10\nCVE Names: CVE-2018-14371 CVE-2019-0205 CVE-2019-0210\n CVE-2019-10172 CVE-2019-12423 CVE-2019-14887\n CVE-2019-17573 CVE-2020-1695 CVE-2020-1729\n CVE-2020-1745 CVE-2020-1757 CVE-2020-6950\n CVE-2020-7226 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10688\n CVE-2020-10719\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0,\nand includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise\nApplication Platform 7.3.1 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* cxf-core: cxf: OpenId Connect token service does not properly validate\nthe clientId (CVE-2019-12423)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* undertow: servletPath in normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* cryptacular: excessive memory allocation during a decode operation\n(CVE-2020-7226)\n\n* smallrye-config: SmallRye: SecuritySupport class is incorrectly public\nand contains a static method to access the current threads context class\nloader (CVE-2020-1729)\n\n* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected\nXSS attack (CVE-2020-10688)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* libthrift: thrift: Endless loop when feed with specific input data\n(CVE-2019-0205)\n\n* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in 
legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con\nparameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* jsf-impl: mojarra: Path traversal in\nResourceManager.java:getLocalePrefix() via the loc parameter\n(CVE-2018-14371)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current 
threads context class loader\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final\nJBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001\nJBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001\nJBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012\nJBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core\nJBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core\nJBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final\nJBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001\nJBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3\nJBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10\nJBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20\nJBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010\nJBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002\nJBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 
5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001\nJBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3\nJBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16\nJBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http\nJBEAP-18397 - Tracker bug for the EAP 7.3.1 release for RHEL-6\nJBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001\nJBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final\nJBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001\nJBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0\nJBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002\nJBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001\nJBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001\nJBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final\nJBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001\nJBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001\nJBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001\nJBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001\nJBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006\nJBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2\nJBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002\nJBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0\nJBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2\nJBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3\nJBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3\nJBEAP-18879 - 
(7.3.z) Upgrade MicroProfile Config 1.4\nJBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final\nJBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001\nJBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002\nJBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1\nJBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004\nJBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001\nJBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001\nJBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001\nJBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001\nJBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001\nJBEAP-19192 - (7.3.z) Update the Japanese translations\nJBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001\nJBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001\nJBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final\n\n7. 
Package List:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server:\n\nSource:\neap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.src.rpm\neap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.src.rpm\neap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.src.rpm\neap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.src.rpm\neap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.src.rpm\neap7-elytron-web-1.6.1-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.src.rpm\neap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.src.rpm\neap7-hal-console-3.2.8-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-core-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.src.rpm\neap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.src.rpm\neap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.src.rpm\neap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-weld-3.1-api-3.1.0-6
.SP2_redhat_00001.1.el6eap.src.rpm\neap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.src.rpm\neap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.src.rpm\neap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.src.rpm\neap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.src.rpm\neap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.src.rpm\neap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.src.rpm\neap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.src.rpm\neap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.src.rpm\neap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.src.rpm\neap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.src.rpm\neap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.src.rpm\neap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.src.rpm\neap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.src.rpm\neap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.src.rpm\neap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.src.rpm\neap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.src.rpm\neap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.src.rpm\neap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.src.rpm\neap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.src.rpm\neap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-http-client-1.0.20-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.src.rpm\neap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-cli-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-commons-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-core-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-dto-2.9.0-4.redhat
_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-journal-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-ra-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-selector-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-tools-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-apache-cxf-rt-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-apache-cxf-services-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-apache-cxf-tools-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-bouncycastle-mail-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-bouncycastle-pkix-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-bouncycastle-prov-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-core-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-jaxrs-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-mapper-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-xc-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codemodel-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.noarch.rpm\neap7-hal-console-3.2.8-1.Fi
nal_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-core-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-envers-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-java8-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-client-hotrod-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-core-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-validator-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-istack-commons-runtime-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm\neap7-istack-commons-tools-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-
core-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaegertracing-jaeger-client-java-core-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaegertracing-jaeger-client-java-thrift-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.noarch.rpm\neap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaxb-jxc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-jaxb-runtime-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-jaxb-xjc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration
-eap6.4-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-weld-3.1-api-weld-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-weld-3.1-api-weld-spi-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.noarch.rpm\neap7-microprofile-config-api-1.4.0-1.redhat_000
03.1.el6eap.noarch.rpm\neap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-metrics-api-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-opentracing-api-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-microprofile-rest-client-api-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-core-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-profile-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-security-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-security-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-soap-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xmlsec-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xmlsec-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-picketbox-infinispan-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm\neap7-relaxng-datatype-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-atom-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-cdi-3.11.2-3.Final_redhat_00002.1.el6
eap.noarch.rpm\neap7-resteasy-client-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-client-microprofile-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-crypto-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jackson-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jackson2-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jaxb-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jaxrs-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jettison-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jose-jwt-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jsapi-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-json-binding-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-json-p-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-multipart-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-rxjava2-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-spring-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-validator-provider-11-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-yaml-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-rngom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.noarch.rpm\neap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.noarch.rpm\neap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.noarch.rpm\neap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.noarch.rpm\neap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm\neap7-txw2-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.noarch.r
pm\neap7-undertow-server-1.6.1-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-core-impl-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-core-jsf-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-ejb-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-jta-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-probe-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-web-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm\neap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-javadocs-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm\neap7-wildfly-modules-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm\neap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-bindings-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-policy-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-common-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-dom-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-policy-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-xsom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14371\nhttps://access.redhat.com/security/cve/CVE-2019-0205\nhttps://access.redhat.com/security/cve/CVE-2019-0210\nhttps://access.redhat.com/security/cve/CVE-2019-10172\nhttps://access.redhat.com/security/cve/CVE-2019-12423\nhttps://access.redhat.com/security/cve/CVE-2019-14887\nhttps://access.redhat.com/security/cve/CVE-2019-17573\nhttps://access.redhat.com/security/cve/CVE-2020-1695\nhttps://access.redhat.com/security/cve/CVE-2020-1729\nhttps://access.redhat.com/security/cve/CVE-2020-1745\nhttps://access.redhat.com/security/cve/CVE-2020-1757\nhttps://access.redhat.com/security/cve/CVE-2020-6950\nhttps://access.redhat.com/security/cve/CVE-2020-7226\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10688\nhttps://access.redhat.com/security/cve/CVE-2020-10719\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXuEwDdzjgjWX9erEAQj5vA//da7dJ0mPXDfnjDddloLp4GhZFSzpMf+8\nXOA1pa8mFiDSXeJd4LoO3jDTPQnOsvnLX/4WoMFK227o+mKMWo74ArjeEg9EosT3\nYaqI77IMexUuVjBHnvKygiB8ZYCXLS3PXiC/Ods5I5Xt07uxvsu9bl328RSX2TQR\nfhD/EAbc8vopMD10off7iXSgNh320EW/2GJKhJDoXhdvkZyifc5gu9/SaDq1JH1Q\nol8FyVhdJCiDu1cqw/LBMT1J8BSJuJI+y9b7eqyQ4oZOIhpJ5BsMgcJmmLMjgnBA\nX1b1CtCJy9KbhNgLIqC+og37Bce2MDfAames/HC6wyZyryeChzhVYxhOw25YUk+W\nhBTOfQN273TIEp/Nom/SNYKrG2D9a3ki+7AeGOHRDQbfhBXeogYHftIT+h7sErAe\nEfkGoAE+pGeQiNXLDkSx6eZodxednpK4S8LoysUpkCAyl1Zfd2TjbVGyZNIcOEtO\nkCNtJ0giM7ZccXLnA+aC/X6M0c27pd8sl2eIgkBaLymEoEYW+BgdxSE5HD5hhC/p\nP6WT3nq8R5k0xmRXGXOEK2ireHIjQAfhADmv50YJv4wkbfbXADl1AImiLprgnrGI\ny2sYyVzXGC4APQZJCgUG61wZkRp8QDtnjAdfJujSzuxg3KpE/x1MQJqlnibKflUN\nuvhlMQF+ipU=W6+1\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). 
\n\nThe JBoss server process must be restarted for the update to take effect", "sources": [ { "db": "NVD", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-9548", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2020-002437", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159083", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202003-040", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158048", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158282", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.3558", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2287", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1440", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0828", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2050", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3065", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2042", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": 
"CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "46078", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "159082", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159081", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159080", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2020-15509", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-187673", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-9548", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158037", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158047", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158038", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "id": "VAR-202003-1782", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-187673" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:48:40.941000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block two more gadget types (ibatis-sqlmap, anteros-core; CVE-2020-9547 / CVE-2020-9548) #2634", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2634" }, { "title": 
"hitachi-sec-2020-109", "trust": 0.8, "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-109/index.html" }, { "title": "hitachi-sec-2020-109", "trust": 0.8, "url": "https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-109/index.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111241" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202813 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203638 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202515 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203637 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203639 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203642 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security 
update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202513 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202512 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202511 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in 
Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-109" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a" }, { "title": "", "trust": 0.1, "url": "https://github.com/fairyming/cve-2020-9548 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "CNNVD", "id": "CNNVD-202003-040" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200904-0006/" }, { "trust": 1.7, "url": 
"https://github.com/fasterxml/jackson-databind/issues/2634" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3cdev.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9548" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.7, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3cdev.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.6, "url": "https://issues.jboss.org/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-6950" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-9548-cve-2020-9546-cve-2020-9547-cve-2020-8840-cve-2019-20330/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2287/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-6/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight/" }, 
{ "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3558/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2050/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0828/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158048/red-hat-security-advisory-2020-2512-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2042/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-anteros-core-31738" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1440/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/46078" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3065/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.5, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10719" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7226" }, { "trust": 0.4, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.4, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1729" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7226" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.4, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2018-14371" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14297" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10683" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10687" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14900" }, { "trust": 
0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10740" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14307" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2512" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3637" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023" }, { "trust": 0.1, 
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1694" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1714" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2813" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1694" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2511" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2513" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2515" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3638" } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": 
"JVNDB-2020-002437" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-02T00:00:00", "db": "VULHUB", "id": "VHN-187673" }, { "date": "2020-03-02T00:00:00", "db": "VULMON", "id": "CVE-2020-9548" }, { "date": "2020-03-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-06-11T16:36:20", "db": "PACKETSTORM", "id": "158048" }, { "date": "2020-09-07T16:38:23", "db": "PACKETSTORM", "id": "159081" }, { "date": "2020-07-02T15:43:25", "db": "PACKETSTORM", "id": "158282" }, { "date": "2020-06-11T16:34:17", "db": "PACKETSTORM", "id": "158037" }, { "date": "2020-06-11T16:36:11", "db": "PACKETSTORM", "id": "158047" }, { "date": "2020-06-11T16:34:25", "db": "PACKETSTORM", "id": "158038" }, { "date": "2020-09-07T16:39:28", "db": "PACKETSTORM", "id": "159082" }, { "date": "2020-03-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-040" }, { "date": "2020-03-02T04:15:11.077000", "db": "NVD", "id": "CVE-2020-9548" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-02T00:00:00", "db": "VULHUB", "id": "VHN-187673" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-9548" }, { "date": "2020-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-040" }, { 
"date": "2023-11-07T03:26:58.833000", "db": "NVD", "id": "CVE-2020-9548" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-002437" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-040" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202101-1937">var-202101-1937</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. 
See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 
References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202101-1937" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202101-1937"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202101-1937">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1937", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, 
{ "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.3" 
}, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter signaling route", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications diameter signaling route", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, 
"vendor": "oracle", "version": "8.2.0.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": 
"oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015589" }, { "db": "NVD", "id": "CVE-2020-36185" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", 
"versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36185" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202101-337" } ], "trust": 0.8 }, "cve": "CVE-2020-36185", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36185", 
"impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381452", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-36185", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36185", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-337", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381452", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36185", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { 
"db": "VULHUB", "id": "VHN-381452" }, { "db": "VULMON", "id": "CVE-2020-36185" }, { "db": "JVNDB", "id": "JVNDB-2020-015589" }, { "db": "NVD", "id": "CVE-2020-36185" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-337" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. 
See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-36185" }, { "db": "JVNDB", "id": "JVNDB-2020-015589" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-381452" }, { "db": "VULMON", "id": "CVE-2020-36185" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36185", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015589", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-337", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381452", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36185", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381452" }, { "db": "VULMON", "id": "CVE-2020-36185" }, { "db": "JVNDB", "id": "JVNDB-2020-015589" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": 
"NVD", "id": "CVE-2020-36185" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-337" } ] }, "id": "VAR-202101-1937", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381452" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:17:27.579000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTAP-20210205-0005", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138942" }, { "title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36185" }, { "db": "JVNDB", "id": "JVNDB-2020-015589" }, { "db": "CNNVD", "id": "CNNVD-202101-337" } ] }, "problemtype_data": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381452" }, { "db": "JVNDB", "id": "JVNDB-2020-015589" }, { "db": "NVD", "id": "CVE-2020-36185" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "trust": 1.8, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2998" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { 
"trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6455267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/al1ex/al1ex" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381452" }, { "db": "VULMON", "id": "CVE-2020-36185" }, { "db": "JVNDB", "id": "JVNDB-2020-015589" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36185" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-337" } ] }, 
"sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381452" }, { "db": "VULMON", "id": "CVE-2020-36185" }, { "db": "JVNDB", "id": "JVNDB-2020-015589" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36185" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-337" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-06T00:00:00", "db": "VULHUB", "id": "VHN-381452" }, { "date": "2021-01-06T00:00:00", "db": "VULMON", "id": "CVE-2020-36185" }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015589" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-01-06T23:15:13.077000", "db": "NVD", "id": "CVE-2020-36185" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-337" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-02T00:00:00", "db": "VULHUB", "id": "VHN-381452" }, { "date": "2022-09-02T00:00:00", "db": "VULMON", "id": "CVE-2020-36185" }, { "date": "2021-10-06T01:05:00", "db": "JVNDB", "id": "JVNDB-2020-015589" }, { "date": "2023-09-13T14:57:03.383000", "db": "NVD", "id": "CVE-2020-36185" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-337" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-337" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015589" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202004-0345">var-202004-0345</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. FasterXML jackson-databind has a code issue vulnerability. An attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. 
It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Description:</p> <p>This release of Red Hat build of Thorntail 2.5.1 includes security updates, bug fixes, and enhancements. Solution:</p> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates 1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation 1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass 1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 
jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816170 - CVE-2019-12406 cxf: does not restrict the number of message 
attachments 1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 
==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat Satellite 6.8 for RHEL 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. </p> <p>Security Fix(es):</p> <ul> <li>mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)</li> <li>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</li> <li>rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)</li> <li>puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)</li> <li>jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)</li> <li>foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)</li> <li>Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)</li> <li>Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)</li> <li>rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)</li> <li>rubygem-secure_headers: limited header injection when using dynamic overrides with 
user input (CVE-2020-5216)</li> <li>rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)</li> <li>rubygem-actionview: views that use the <code>j</code> or <code>escape_javascript</code> methods are susceptible to XSS attacks (CVE-2020-5267)</li> <li>puppet: Arbitrary catalog retrieval (CVE-2020-7942)</li> <li>rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)</li> <li>rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)</li> <li>hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)</li> <li>puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)</li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Additional Changes:</p> <ul> <li> <p>Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment. </p> </li> <li> <p>Adds ability to install Satellite and Capsules and manage hosts in a IPv6 network environment</p> </li> <li> <p>Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution. </p> </li> <li> <p>Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet</p> </li> <li> <p>Support for HTTP UEFI provisioning</p> </li> <li> <p>Support for CAC card authentication with Keycloak integration</p> </li> <li> <p>Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling. 
</p> </li> <li> <p>Support for Red Hat Enterprise Linux Traces integration</p> </li> <li> <p>satellite-maintain & foreman-maintain are now self updating</p> </li> <li> <p>Notifications in the UI to warn users when subscriptions are expiring. </p> </li> </ul> <p>The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. </p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1160344 - [RFE] Satellite support for cname as alternate cname for satellite server 1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems 1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy 1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt 1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS 1410616 - [RFE] Prominent notification of expiring subscriptions. 1410916 - Should only be able to add repositories you have access to 1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3 1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. 
1469267 - need updated rubygem-rake 1486446 - Content view versions list has slow query for package count 1486696 - 'hammer host update' removes existing host parameters 1494180 - Sorting by network address for subnet doesn't work properly 1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost 1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled" 1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101" 1531674 - Operating System Templates are ordered inconsistently in UI. 1537320 - [RFE] Support for Capsules at 1 version lower than Satellite 1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! NoMethodError: undefined method `first' for nil:NilClass" when there are custom bookmarks created 1563270 - Sync status information is lost after cleaning up old tasks related to sync. 1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384') 1571907 - Passenger threads throwing tracebacks on API jobs after spawning 1576859 - [RFE] Implement automatic assigning subnets through data provided by facter 1584184 - [RFE] The locked template is getting overridden by default 1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box 1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template 1608001 - Rearrange search/filter options on Red Hat Repositories page. 
1613391 - race condition on removing multiple organizations simultaneously 1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot 1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version 1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui 1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization 1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host 1627066 - Unable to revert to the original version of the provisioning template 1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules 1630536 - yum repos password stored as cleartext 1632577 - Audit log show 'missing' for adding/removing repository to a CV 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1645062 - host_collection controller responds with 200 instead of 201 to a POST request 1645749 - repositories controller responds with 200 instead of 201 to a POST request 1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build 1647364 - [RFE] Extend the audits by the http request id 1647781 - Audits contain no data (Added foo to Missing(ID: x)) 1651297 - Very slow query when using facts on user roles as filters 1653217 - [RFE] More evocative name for Play Ansible Roles option? 
1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks 1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role, 1659418 - katello-tracer-upload failing with error "ImportError: No module named katello" 1665277 - subscription manager register activation key with special character failed 1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal 1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output. 1677907 - Ansible API endpoints return 404 1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams 1680458 - Locked Report Templates are getting removed. 1680567 - Reporting Engine API to list report template per organization/location returns 404 error 1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite 1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow 1687116 - kernel version checks should not use /lib/modules to determine running version 1688886 - subscription-manager not attaching the right quantity per the cpu core 1691416 - Delays when many clients upload tracer data simultaneously 1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself 1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions 1705097 - An empty report file doesn't show any headers 1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service 1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed 1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
1715999 - Use Infoblox API for DNS conflict check and not system resolver 1716423 - Nonexistent quota can be set 1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page 1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array 1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally 1719509 - [RFE] "hammer host list" including erratas information 1719516 - [RFE] "hammer host-collection hosts" including erratas information 1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition 1721419 - SSH key cannot be added when FIPS enabled 1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example) 1723313 - foreman_tasks:cleanup description contain inconsistent information 1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start" 1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS 1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name 1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear 1730083 - [RFE] Add Jobs button to host detail page 1731155 - Cloud init template missing snippet compared to Kickstart default user data 1731229 - podman search against Red Hat Satellite 6 fails. 
1731235 - [RFE] Create Report Template to list inactive hosts 1733241 - [RFE] hammer does not inherit parent location information 1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN 1736809 - undefined method `split' for nil:NilClass when viewing the host info with hammer 1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. 1737564 - [RFE] Support custom images on Azure 1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. 1740943 - Increasing Ansible verbosity level does not increase the verbosity of output 1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. 1743776 - Error while deleting the content view version. 1745516 - Multiple duplicate index entries are present in candlepin database 1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
1749692 - Default Rhel8 scap content does not get populated on the Satellite 1749916 - [RFE] Satellite should support certificates with > 2048 Key size 1751981 - Parent object properties are not propagated to Child objects in Location and Host Group 1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command 1753551 - Traces output from Satellite GUI has mismatches with client tracer output 1756991 - 2 inputs with same name -> uninitialized constant #<Class:0x000000000b894c38>::NonUniqueInputsError 1757317 - [RFE] Dynflow workers extraction 1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API 1759160 - Rake task for cleaning up DHCP records on proxy 1761872 - Disabled buttons are still working 1763178 - [RFE] Unnecessary call to userhelp and therefore log entries 1763816 - [RFE] Report which users access the API 1766613 - Fact search bar broken and resets to only searching hostname 1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting 1767497 - Compute Resource filter does not correctly allow Refresh Cache 1767635 - [RFE] Enable Organization and Location to be entered not just selected 1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value 1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]' for nil:NilClass 1771367 - undefined method `request_uri' when Openidc Provider Token Endpoint is none 1771428 - Openscap documentation link on Satellite 6 webui is broke 1771484 - Client side documentation links are not branded 1771693 - 'Deployed on' parameter is not listed in API output 1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order 1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again 1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt 1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare 1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically 1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines) 1778503 - Prepended text on OS name creation 1778681 - Some pages are missing title in html head 1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly 1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages" 1782426 - Viewing errata from a repository returns incorrect unfiltered results 1783568 - [RFE] - Bulk Tracer Remediation 1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!" 
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log 1784341 - disable CertificateRevocationListTask job in candlepin.conf by default 1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file 1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. 1785624 - [UI] Importing templates with associate 'never' is not resulting as expected 1785683 - Does not load datacenter when multiple compute resources are created for same VCenter 1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method `[]' for nil:NilClass" 1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date 1787329 - change filename in initrd live CPIO archive to fdi.iso 1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL 1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI 1789006 - Smart proxy dynflow core listens on 0.0.0.0 1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id 1789434 - Template editor not always allows refreshing of the preview pane 1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely 1789686 - Non-admin user with enough permissions can't generate report of applicable errata 1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6 1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table. 
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs 1791654 - drop config_templates api endpoints and parameters 1791656 - drop deprecated host status endpoint 1791658 - drop reports api endpoint 1791659 - Remove <code>use_puppet_default</code> api params 1791663 - remove deprecated permissions api parameters 1791665 - drop deprecated compute resource uuid parameter 1792131 - [UI] Could not specify organization/location for users that come from keycloak 1792135 - Not able to login again if session expired from keycloak 1792174 - [RFE] Subscription report template 1792304 - When generating custom report, leave output format field empty 1792378 - [RFE] Long role names are cut off in the roles UI 1793951 - [RFE] Display request UUID on audits page 1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists 1794346 - Change the label for the flashing eye icon during user impersonation 1794641 - Sync status page's content are not being displayed properly. 1795809 - HTML tags visible on paused task page 1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled 1796205 - iso upload: correctly check if upload directory exists 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1796259 - loading subscriptions page is very slow 1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode 1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout 1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server 1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. 
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host 1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input 1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input 1802529 - Repository sync in tasks page shows percentage in 17 decimal points 1802631 - Importing Ansible variables yields NoMethodError: undefined method `map' for nil:NilClass (initialize_variables) [variables_importer.rb] 1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none 1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page. 1804651 - Missing information about "Create Capsule" via webUI 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7 1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error 1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks 1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu' 1807042 - [RFE] Support additional disks for VM on Azure Compute Resource 1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. 
1807829 - Generated inventory file doesn't exist 1807946 - Multiple duplicate index entries are present in foreman database 1808843 - Satellite lists unrelated RHV storage domains using v4 API 1810250 - Unable to delete repository - Content with ID could not be found 1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd 1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection 1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead 1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units 1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification 1812904 - 'Hypervisors' task fails with 'undefined method `[]' for nil:NilClass' error 1813005 - Prevent --tuning option to be applied in Capsule servers 1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker) 1814095 - Applicable errata not showing up for module stream errata 1815104 - Locked provisioning template should not be allowed to add audit comment 1815135 - hammer does not support description for custom repositories 1815146 - Backslash escapes when downloading a JSON-formatted report multiple times 1815608 - Content Hosts has Access to Content View from Different Organization 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1816699 - Satellite Receptor Installer role can miss accounts under certain conditions 1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval 1816853 - Report generated by Red Hat Inventory Uploads is empty. 
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. 1817224 - Loading one org's content view when switching to a different org 1817481 - Plugin does not set page <title> 1817728 - Default task polling is too frequent at scale 1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. 1818062 - Deprecated message about katello agent being shown on content host registration page 1818816 - Web console should open in a new tab/window 1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1820193 - Deleted Global Http Proxy is still being used during repository sync. 1820245 - reports in JSON format can't handle unicode characters 1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512 1821335 - Inventory plugin captures information for systems with any entitlement 1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration. 1821629 - Eager zero seems to do nothing 1821651 - Manifest import task progress remains at 0. 1821752 - New version of the plugin is available: 1.0.5 1822039 - Get HTTP error when deploying the virt-who configure plugin 1822560 - Unable to sync large openshift docker repos 1823905 - Update distributor version to sat-6.7 1823991 - [RFE] Add a more performant way to sort reports 1824183 - Virtual host get counted as physical hosts on cloud.redhat.com 1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank" 1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue. 
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy 1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error 1826298 - even when I cancel ReX job, remediation still shows it as running 1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images 1826515 - [RFE] Consume Candlepin events via STOMP 1826625 - Improve performance of externalNodes 1826678 - New version of the plugin is available: 2.0.6 1826734 - Tasks uses wrong controller name for bookmarks 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories 1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)" 1828257 - Receptor init file missing [Install] section, receptor service won't run after restart 1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API 1828549 - Manifest Certificate Exposed by Unprivileged User 1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined' 1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default 1828868 - Add keep alive option in Receptor node 1829487 - Ansible verbosity level does not work 1829766 - undefined method `tr' for nil:NilClass when trying to get a new DHCP lease from infoblox 1830253 - Default job templates are not locked 1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time 1830834 - Unable to update default value of a smart class parameter (Sql query error). 
1830860 - Refactor loading regions based on subscription dynamically 1830882 - Red Hat Satellite brand icon is missing 1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo 1831528 - CVE-2020-5267 rubygem-actionview: views that use the <code>j</code> or <code>escape_javascript</code> methods are susceptible to XSS attacks 1833031 - Improve RH account ID fetching in cloud connector playbook 1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished) 1833039 - Introduce error code to playbook_run_finished response type 1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option. 1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do 1834377 - Disable mongo FTDC 1834866 - Missing macro for "registered_at" host subscription facet 1834898 - Login Page background got centralized and cropped 1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet 1835241 - Some applicability of the consumers are not recalculated after syncing a repository 1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting 1836155 - Support follow on rails, travis and i18n work for AzureRm plugin 1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
1836774 - Some foreman services failed to start (pulp_streamer) 1836845 - "Generate at" in report template should be current date 1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue 1838160 - 'Registered hosts' report does not list kernel release for rhsm clients 1838191 - Arrow position is on left rather in the middle under "Start Time" 1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory 1838917 - Repositories are not showing their available Release versions due to a low default db pool size 1838963 - Hypervisors from Satellite, never makes their way to HBI 1838965 - Product name link is not working on the activation keys "Repository Sets" tab. 1839025 - Configure Cloud Connector relies on information which is no longer provided by the API 1839649 - satellite-installer --reset returns a traceback 1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds 1839779 - undefined local variable or method `implicit_order_column' for #<ActiveRecord::Associations::CollectionProxy> on GET request to /discovery_rules endpoint 1839966 - New version of the plugin is available: 2.0.7 1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . 1840191 - Validate parameters passed by receptor to the receptor-satellite plugin 1840218 - ArgumentError: wrong number of arguments 1840525 - Content host list doesn't update after the successful deletion of content host. 1840635 - Proxy has failed to load one or more features (Realm) 1840723 - Selected scenario is DISABLED, can not continue 1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed" 1841098 - Failed to resolve package dependency while doing satellite upgrade. 
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned 1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist." 1841818 - icons missing on /pub download page 1842900 - ERROR! the role 'satellite-receptor' was not found in ... 1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/ 1843406 - In 6.8, Receptor installation playbook's inputs are visible again 1843561 - Report templates duplicated 1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #<Safemode::ScopeObject>" 1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8 1843926 - satellite-change-hostname fails when running nsupdate 1844142 - [RFE] Drop a subsription-manager fact with the satellite version 1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP 1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2 1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]' for nil:NilClass 1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1846254 - need to restart services after enabling leapp plugin 1846313 - Add index on locks for resource type and task id 1846317 - undefined method `klass' for nil:NilClass 1846421 - build pxe default do not work when more than 1 provider 1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8 1847019 - Empty applicability for non-modular repos 1847063 - Slow manifest import and/or refresh 1847407 - load_pools macro not in list of macros 1847645 - Allow override of Katello's DISTRIBUTOR_VERSION 1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. 
1847840 - Libvirt note link leads to 404 1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. 1848291 - Download kernel/initram for kexec asynchronously 1848535 - Unable to create a pure IPv6 host 1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8) 1848902 - ERF42-0258 [Foreman::Exception]: <uuid> is not valid, enter id or name 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms 1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule 1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names 1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead. 1849680 - Task progress decimal precision discrepancy between UI, CLI, and API 1849869 - Unable to recycle the dynflow executor 1850355 - Auth Source Role Filters are not working in Satellite 6.8 1850536 - Can't add RHEV with APIv3 through Hammer 1850914 - Checksum type "sha256" is not available for all units in the repository. 
Make sure those units have been downloaded 1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)" 1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates 1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9 1851167 - Autoattach -> "undefined" subscription added 1851176 - Subscriptions do not provide any repository sets 1851952 - "candlepin_events FAIL Not running" and wont restart 1852371 - Allow http proxy ports by default 1852723 - Broken link for documentation on installation media page 1852733 - Inventory upload documentation redirects to default location 1852735 - New version of the plugin is available: 2.0.8 1853076 - large capsule syncs cause slow processing of dynflow tasks/steps 1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided" 1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7 1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh 1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views 1853572 - Broken documentation link for 'RHV' in Compute Resource 1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode. 1854397 - Compliance reports are not being uploaded to satellite. 1854530 - PG::NotNullViolation when syncing hosts from cloud 1855008 - Host parameters are set after the host is created. 1855254 - Links to documentation broken in HTTP Proxies setup 1855348 - katello_applicability accidentally set to true at install 1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME' 1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. 
1856379 - Add missing VM creation tests 1856401 - [RFE] Add module to create HTTP Proxy 1856831 - New version of the plugin is available: 2.0.9 1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host 1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500 1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos 1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos 1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method `default_capsule' for Katello:Module" 1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError 1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. 1857726 - Warnings are shown during the satellite package installation on RHEL 7.9 1858237 - Upgraded Satellite has duplicated katello_pools indexes 1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user 1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite 1858855 - Creating compute resources on IPV6 network does not fail gracefully 1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf 1859194 - load_hosts macro duplicated in a list of macros 1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
1859705 - Tomcat is not running on fresh Capsule installation 1859929 - User can perform other manifest actions while the first one starts 1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass' 1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed 1860422 - Host with remediations can't be removed 1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'... 1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service 1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error. 1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8 1860587 - Documentation link in Administer -> About pointing to 6.6 document. 1860835 - Installed Packages not displayed on About page 1860957 - Unable to select an organization for sync management 1861367 - Import Template sync never completes 1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required 1861422 - Error encountered while handling the response, replying with an error message ('plugin_config') 1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. 1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request 1861766 - Add ability to list traces by host with hammer 1861807 - Cancel/Abort button should be disabled once REX job is finish 1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer 1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
1861890 - Recommended repos do not match Satellite version 1861970 - Content -> Product doesn't work when no organization is selected 1862135 - updating hosts policy using bulk action fails with sql error 1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. 1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6 1865871 - Obfuscated hosts do not have domain reported 1865872 - Templates doc - examples on onepage.html are not processed 1865874 - Add inventory status to host 1865876 - Make recommendations count in hosts index a link 1865879 - Add automatic scheduler for insights sync 1865880 - Add an explanation how to enable insights sync 1865928 - Templates documentation help page has hard-coded Satellite setting value 1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently 1866029 - Templates DSL documentation: Parts of description are put in <pre> tag 1866436 - host search filter does not work in job invocation page 1866461 - Run action is missing in job templates page 1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page 1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer 1866710 - Wrong API endpoint path referenced for resolving host traces 1867239 - hammer content-view version incremental-update fails with ISE 1867287 - Error Row was updated or deleted by another transaction when deleting docker repository 1867311 - Upgrade fails when checkpoint_segments postgres parameter configured 1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite 1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank" 1868183 - Unable to change virt-who hypervisor location. 
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf 1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation. 1869812 - Tasks fail to complete under load 1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow 1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found) 1871434 - theme css ".container" class rule is too generic 1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. 1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout 1871978 - Bug in provisioning_template Module 1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console" 1872041 - Host search returns incorrect result 1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result 1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover 1874143 - Red Hat Inventory Uploads does not use proxy 1874160 - Changing Content View of a Content Host needs to better inform the user around client needs 1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file 1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts) 1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow 1874176 - Unable to search by value of certain Hostgroup parameter 1874422 - Hits Sync uses only old proxy setting 1874619 - Hostgroup tag is never reported in slice 1875357 - After upgrade server response check failed for candlepin. 
1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url` 1875660 - Reporting Template macros host_cores is not working as expected 1875667 - Audit page list incorrect search filter 1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only 1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding 1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries 1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv 1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv 1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv 1878194 - In Capsule upgrade, "yum update" dump some error messages. 1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled 1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections 1878850 - creating host from hg doesn't resolves the user-data template 1879151 - Remote execution status not updating with large number of hosts 1879448 - Add hits details to host details page 1879451 - Stop uploading if Satellite's setting is disconnected 1879453 - Add plugin version to report metadata 1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP 1880637 - [6.8] satellite-installer always runs upgrade steps 1881066 - Safemode doesn't allow to access 'host_cores' on #<Safemode::ScopeObject> 1881078 - Use Passenger instead of Puma as the Foreman application server 1881988 - [RFE] IPv6 support for Satellite 6.8 1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}'' 1882389 - Search query in 
template for LEAPP upgrade should be pre-filled when running from pre-upgrade results 1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)" 1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available" 1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals 1887489 - Insights rules can't be loaded on freshly installed Satellite system 1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Satellite Capsule 6.8:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm 
pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm 
rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm 
tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm 
foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm 
python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm 
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm 
pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm 
tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>Red Hat Satellite 6.7:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm 
puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm 
python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm 
tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm 
tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm 
tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm 
tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm 
tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm 
tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm 
katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm 
python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm 
rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm 
tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm 
tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm 
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm 
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm 
libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm 
python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm 
tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . </p> <p>NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. 7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)</p> </li> <li> <p>jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop</p> <ol> <li>The purpose of this text-only errata is to inform you about the security issues fixed in this release. </li> </ol> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 18.0</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202004-0345" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202004-0345"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202004-0345">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0345", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": 
"13.3.0.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", 
"trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11619" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": 
"7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11619" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "157834" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "158095" }, { "db": "CNNVD", "id": "CNNVD-202004-387" } ], "trust": 1.4 }, "cve": "CVE-2020-11619", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": 
"PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-164215", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-11619", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-11619", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202004-387", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164215", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-11619", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-164215" }, 
{ "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "CNNVD", "id": "CNNVD-202004-387" }, { "db": "NVD", "id": "CVE-2020-11619" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. FasterXML jackson-databind has a code issue vulnerability. An attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. Description:\n\nThis release of Red Hat build of Thorntail 2.5.1 includes security updates,\nbug fixes, and enhancements. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. You must be logged in to download the update. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs\n1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates\n1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation\n1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass\n1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and \u0027Deployer\u0027 user by default\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 
thrift: Endless loop when feed with specific input data\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments\n1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: 
Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. 
Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does 
not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. 
\n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http 
request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. 
\n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
\n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. 
\n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
\n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
\n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 
\n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t 
generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. 
\n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. 
\n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should 
not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. 
\n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. 
\n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). 
\n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
\n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. 
\n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s 
DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. 
Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. 
\n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
\n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
\n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. 
\n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After 
upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. 
\n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. 
Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\
npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.s
rc.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dh
cp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\np
ulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.n
oarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7s
at.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sa
t.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridf
s-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1
.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.
0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql
12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0
.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\nt
fm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_c
li_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntf
m-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sa
t.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat
.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-col
lection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarc
h.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npytho
n2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7s
at.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7s
at.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\nt
fm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.r
pm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_az
ure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer
-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_prox
y_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\n
livecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-de
vel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg
-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop\n(CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n(CVE-2020-11620)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n\n6. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 18.0", "sources": [ { "db": "NVD", "id": "CVE-2020-11619" }, { "db": "VULHUB", "id": "VHN-164215" }, { "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "157834" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "158095" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-11619", "trust": 2.6 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "157834", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "160601", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158095", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4471", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2071", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1368", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1857", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48396", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202004-387", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2020-28475", "trust": 0.1 }, { "db": 
"VULHUB", "id": "VHN-164215", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-11619", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164215" }, { "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "157834" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "158095" }, { "db": "CNNVD", "id": "CNNVD-202004-387" }, { "db": "NVD", "id": "CVE-2020-11619" } ] }, "id": "VAR-202004-0345", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-164215" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:17:07.679000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115606" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202320 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205625 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security update", "trust": 
0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202565 - security advisory" }, { "title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-130" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 
0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "CNNVD", "id": "CNNVD-202004-387" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164215" }, { "db": "NVD", "id": "CVE-2020-11619" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200511-0004/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2680" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": 
"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2071/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157834/red-hat-security-advisory-2020-2320-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1857/" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4471/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-spring-aop-methodlocatingfactorybean-serialization-gadgets-typing-32066" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48396" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.5, "url": 
"https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.3, "url": 
"https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:2320" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" 
}, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.2, "url": 
"https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4366" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-12781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5625" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2020:1414" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2565" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3805" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805" } ], "sources": [ { "db": "VULHUB", "id": "VHN-164215" }, { "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "157834" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "158095" }, { "db": "CNNVD", "id": "CNNVD-202004-387" }, { "db": "NVD", "id": "CVE-2020-11619" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-164215" }, { "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": 
"PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "157834" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "158095" }, { "db": "CNNVD", "id": "CNNVD-202004-387" }, { "db": "NVD", "id": "CVE-2020-11619" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-07T00:00:00", "db": "VULHUB", "id": "VHN-164215" }, { "date": "2020-04-07T00:00:00", "db": "VULMON", "id": "CVE-2020-11619" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-10-27T16:58:42", "db": "PACKETSTORM", "id": "159724" }, { "date": "2020-12-17T18:09:37", "db": "PACKETSTORM", "id": "160601" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-05-26T20:50:36", "db": "PACKETSTORM", "id": "157834" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-06-16T00:54:44", "db": "PACKETSTORM", "id": "158095" }, { "date": "2020-04-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-387" }, { "date": "2020-04-07T23:15:12.077000", "db": "NVD", "id": "CVE-2020-11619" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-22T00:00:00", "db": "VULHUB", "id": "VHN-164215" }, { "date": "2021-02-22T00:00:00", "db": "VULMON", "id": "CVE-2020-11619" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-387" }, { "date": "2023-11-07T03:15:00.010000", "db": "NVD", "id": "CVE-2020-11619" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159724" }, { "db": "CNNVD", "id": "CNNVD-202004-387" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-387" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-387" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1787">var-202003-1787</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components, providing data binding. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. No further details about this vulnerability are currently available; watch CNNVD or vendor announcements for updates. 
Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>Security Fix(es):</p> <ul> <li> <p>apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)</p> </li> <li> <p>cxf: does not restrict the number of message attachments (CVE-2019-12406)</p> </li> <li> <p>cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)</p> </li> <li> <p>hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)</p> </li> <li> <p>HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</p> </li> <li> <p>HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</p> </li> <li> <p>HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)</p> </li> <li> <p>HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)</p> </li> <li> <p>jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)</p> </li> 
<li> <p>keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)</p> </li> <li> <p>keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)</p> </li> <li> <p>keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)</p> </li> <li> <p>keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)</p> </li> <li> <p>keycloak: cross-realm user access auth bypass (CVE-2019-14832)</p> </li> <li> <p>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</p> </li> <li> <p>SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)</p> </li> <li> <p>thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li> <li> <p>thrift: Endless loop when feed with specific input data (CVE-2019-0205)</p> </li> <li> <p>undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)</p> </li> <li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)</p> </li> <li> <p>xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)</p> </li> </ul> <p>For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. You must be logged in to download the update. </p> <p>NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. 
No code has been modified as part of this advisory. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes</p> <ol> <li>Description:</li> </ol> <p>Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. </p> <p>This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:</p> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender</p> <ol> <li>The purpose of this text-only errata is to inform you about the security issues fixed in this release. </li> </ol> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:1523-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:1523 Issue date: 2020-04-21 Cross references: 1822587 1822174 1822932 1822937 1822927 CVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)</p> </li> <li> <p>jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg LahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB N5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp dfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J 998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT 22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK +vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv yNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0 x38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m g6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J PdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt 8yoMyLl6FBM= =n1if -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1787" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> <div class="btn-group" role="group"> <a role="button" class="btn btn-primary" data-bs-toggle="collapse" data-bs-target="#collapseJsonvar-202003-1787" aria-expanded="false" 
aria-controls="collapseJsonvar-202003-1787"> JSON </a> </div> <div class="collapse" id="collapseJsonvar-202003-1787"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1787">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1787", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, 
"data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "retail xstore point of service", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "jd edwards enterpriseone 
orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "configurations": 
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": 
"8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11111" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" } ], "trust": 1.4 }, "cve": "CVE-2020-11111", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": 
"MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003615", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163657", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-11111", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003615", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-11111", "trust": 1.0, "value": "HIGH" }, { "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-11111", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-003615", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202003-1737", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163657", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-11111", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163657" }, { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" }, { "db": "NVD", "id": "CVE-2020-11111" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, 
CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. You must be logged in to download the update. 
\n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - 
CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:1523-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1523\nIssue date: 2020-04-21\nCross references: 1822587 1822174 1822932 1822937 1822927\nCVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 \n CVE-2020-11112 CVE-2020-11113 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. 
\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg\nLahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB\nN5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp\ndfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J\n998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT\n22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK\n+vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv\nyNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0\nx38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m\ng6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J\nPdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt\n8yoMyLl6FBM=\n=n1if\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "VULHUB", "id": "VHN-163657" }, { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-11111", "trust": 3.4 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": 
"PACKETSTORM", "id": "160601", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-003615", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-1737", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157859", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157322", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1399", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4471", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1368", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1882", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48395", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2020-21474", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163657", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-11111", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163657" }, { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "id": "VAR-202003-1787", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": 
"VHN-163657" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:10:30.703000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block one more gadget type (activemq-pool[-jms], CVE-2020-11111) #2664", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2664" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115371" }, { "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205625 - security advisory" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201523 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "IBM: Security 
Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163657" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "references": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2664" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11111" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": 
"https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1882/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4471/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-activemq-serialization-gadgets-typing-32063" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, 
"url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48395" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1399/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.4, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.3, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:5625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { 
"trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2020:1414" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2333" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1732" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { 
"trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163657" }, { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { 
"db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163657" }, { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-31T00:00:00", "db": "VULHUB", "id": "VHN-163657" }, { "date": "2020-03-31T00:00:00", "db": "VULMON", "id": "CVE-2020-11111" }, { "date": "2020-04-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-12-17T18:09:37", "db": "PACKETSTORM", "id": "160601" }, { "date": "2020-05-28T16:22:46", "db": "PACKETSTORM", "id": "157859" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-09-17T14:07:40", "db": "PACKETSTORM", "id": "159208" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-04-21T14:19:58", "db": "PACKETSTORM", "id": "157322" }, { "date": "2020-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1737" }, { 
"date": "2020-03-31T05:15:13.007000", "db": "NVD", "id": "CVE-2020-11111" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-10T00:00:00", "db": "VULHUB", "id": "VHN-163657" }, { "date": "2021-12-10T00:00:00", "db": "VULMON", "id": "CVE-2020-11111" }, { "date": "2020-04-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1737" }, { "date": "2024-07-03T01:36:10.713000", "db": "NVD", "id": "CVE-2020-11111" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1737" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003615" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1737" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202009-1633">var-202009-1633</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, 
related to com.pastdev.httpcomponents.configuration.JndiConfiguration. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. No further information about this vulnerability is currently available; follow CNNVD or manufacturer announcements for updates. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. FasterXML jackson-databind 2.0 series prior to 2.9.10.6 has a security vulnerability, which originates from com.pastdev.httpcomponents.configuration.JndiConfiguration. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:4173-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:4173 Issue date: 2020-10-05 CVE Names: CVE-2020-24750 ==================================================================== 1. Summary:</p> <p>An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. </p> <p>Security Fix(es):</p> <ul> <li>jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)</li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.6):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX3s4DtzjgjWX9erEAQhtzQ/+KJm3W2dfbUqCVcdtymA4f4UfDt0LFXTP T5AuDJQk5evqIQWpnV/bgbpnIhkGLFVW6AWAQK0pnT5Zl4HK33+sNOTRHKpey0PR j3C43AuFL68XeWVKX8iJdAo42s/a3K4QjEgofXiXfDipPxg356zb8lm4RiXlx9db LMgXAL0uKDzv+4HYcEmOY7A+8rDB4GwLLDmj2J6ZyahNLOECJbO7CdPVEUeT/cFN 32vYBoxmLw1CahI5RcpiebibLA2SRss84iG+/NceptBTfqQzcHVipBHzryOUNsVz PHCcgDAi0KiNR8ugj142CBcVmW6nu3WCipqxjQ86cRx3r2yu5B3yTlAMxjaBxHIC usxO7BPuiK+6Cizw0Qd/DaI0e2YkEvGJ6OwDxEB27j3id9IB9Q1n6qucZH8vahAi gJv/W+Ij1Ff1OaNVZIfXLFAnloVZAy6jBXvwzZNJWOkbHPRjbcz8JJWOt5v4AbsR DKKLs+EoxE+3GPJdTL1EAgA+rrEmbtXVHyuqamf89H5LD2yGjJF8IJkk1ei9b3FJ /hj8UXrfKYnfSM0Q/UnqQbTWXYjqhjJpkrTXTIFR2zZxnaYNOaH/lmMfBpvBEYBW K0I0Y47LoZnt2P+kaJnHWu+uuuETIkrThNZK+JH1qFzhjYfc2AGcB9r2SMAWEARI LOeqeMsgpVs=jbsa -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 
</p> <p>Bug Fix(es):</p> <ul> <li> <p>Gather image registry config (backport to 4.3) (BZ#1836815)</p> </li> <li> <p>Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176)</p> </li> <li> <p>Login with OpenShift not working after cluster upgrade (BZ#1852429)</p> </li> <li> <p>Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018)</p> </li> <li> <p>[4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110)</p> </li> <li> <p>[release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293)</p> </li> </ul> <p>You may download the oc tool and use it to inspect release image metadata as follows:</p> <p>(For x86_64 architecture)</p> <p>$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64</p> <p>The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc</p> <p>(For s390x architecture)</p> <p>$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64</p> <p>(For ppc64le architecture)</p> <p>$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le</p> <p>The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator 
stops reconciling when going Upgradeable=False on v1alpha1 CRDs</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHEA-2020:5633</p> <p>All OpenShift Container Platform users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor. Solution:</p> <p>For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html. 
Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202009-1633" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202009-1633"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202009-1633">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-1633", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ucosminexus application server", "scope": null, "trust": 1.6, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus service platform", "scope": null, "trust": 1.6, "vendor": "\u65e5\u7acb", "version": null }, { "model": "siebel ui framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.2" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.6" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, 
{ "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "siebel core - server framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.5" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": 
"2.0.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "identity manager connector", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.5.0" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "blockchain platform", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "communications messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null }, { "model": "ucosminexus application server-r", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus developer", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "agile product lifecycle management", "scope": null, "trust": 0.8, "vendor": 
"\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications calendar server", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications contacts server", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications diameter signaling router", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.6", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_calendar_server:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.1.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-24750" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "159466" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "159661" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" } ], "trust": 1.1 }, "cve": "CVE-2020-24750", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": 
"NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-24750", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-178660", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-24750", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-24750", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202009-1066", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": 
"VHN-178660", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-24750", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-178660" }, { "db": "VULMON", "id": "CVE-2020-24750" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. FasterXML jackson-databind 2.0 series prior to 2.9.10.6 has a security vulnerability, which originates from com.pastdev.httpcomponents.configuration.JndiConfiguration. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:4173-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4173\nIssue date: 2020-10-05\nCVE Names: CVE-2020-24750\n====================================================================\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\ncom.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3s4DtzjgjWX9erEAQhtzQ/+KJm3W2dfbUqCVcdtymA4f4UfDt0LFXTP\nT5AuDJQk5evqIQWpnV/bgbpnIhkGLFVW6AWAQK0pnT5Zl4HK33+sNOTRHKpey0PR\nj3C43AuFL68XeWVKX8iJdAo42s/a3K4QjEgofXiXfDipPxg356zb8lm4RiXlx9db\nLMgXAL0uKDzv+4HYcEmOY7A+8rDB4GwLLDmj2J6ZyahNLOECJbO7CdPVEUeT/cFN\n32vYBoxmLw1CahI5RcpiebibLA2SRss84iG+/NceptBTfqQzcHVipBHzryOUNsVz\nPHCcgDAi0KiNR8ugj142CBcVmW6nu3WCipqxjQ86cRx3r2yu5B3yTlAMxjaBxHIC\nusxO7BPuiK+6Cizw0Qd/DaI0e2YkEvGJ6OwDxEB27j3id9IB9Q1n6qucZH8vahAi\ngJv/W+Ij1Ff1OaNVZIfXLFAnloVZAy6jBXvwzZNJWOkbHPRjbcz8JJWOt5v4AbsR\nDKKLs+EoxE+3GPJdTL1EAgA+rrEmbtXVHyuqamf89H5LD2yGjJF8IJkk1ei9b3FJ\n/hj8UXrfKYnfSM0Q/UnqQbTWXYjqhjJpkrTXTIFR2zZxnaYNOaH/lmMfBpvBEYBW\nK0I0Y47LoZnt2P+kaJnHWu+uuuETIkrThNZK+JH1qFzhjYfc2AGcB9r2SMAWEARI\nLOeqeMsgpVs=jbsa\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\n\nBug Fix(es):\n\n* Gather image registry config (backport to 4.3) (BZ#1836815)\n\n* Builds fail after running postCommit script if OCP cluster is configured\nwith a container registry whitelist (BZ#1849176)\n\n* Login with OpenShift not working after cluster upgrade (BZ#1852429)\n\n* Limit the size of gathered federated metrics from alerts in Insights\nOperator (BZ#1874018)\n\n* [4.3] Storage operator stops reconciling when going Upgradeable=False on\nv1alpha1 CRDs (BZ#1879110)\n\n* [release 4.3] OpenShift APIs become unavailable for more than 15 minutes\nafter one of master nodes went down(OAuth) (BZ#1880293)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-x86_64\n\nThe image digest is\nsha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-s390x\nThe image digest is\nsha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le\n\nThe image digest is\nsha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1836815 - Gather image registry config (backport to 4.3)\n1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist\n1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator\n1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized\n1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs\n\n5. 
JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHEA-2020:5633\n\nAll OpenShift Container Platform users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1823765 - nfd-workers crash under an ipv6 environment\n1838802 - mysql8 connector from operatorhub does not work with metering operator\n1838845 - Metering operator can\u0027t connect to postgres DB from Operator Hub\n1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1868294 - NFD operator does not allow customisation of nfd-worker.conf\n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n1890672 - NFD is missing a build flag to build correctly\n1890741 - path to the CA trust bundle ConfigMap is broken in report operator\n1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster\n1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel\n1900125 - FIPS error while generating RSA private key for CA\n1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub\n1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub\n1913837 - The CI and ART 4.7 metering images are not mirrored\n1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le\n1916010 - olm skip range is set to the wrong range\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923998 - NFD Operator is failing to update and remains in Replacing state\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-24750" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-178660" }, { "db": "VULMON", "id": "CVE-2020-24750" }, { "db": "PACKETSTORM", "id": 
"159466" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "159661" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "161536" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-24750", "trust": 3.1 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159466", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-011430", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3631", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0691", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3449", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0616", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072820", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042534", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041931", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012315", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072725", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042318", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021426", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202009-1066", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-178660", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-24750", "trust": 0.1 }, { "db": 
"PACKETSTORM", "id": "159661", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161536", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-178660" }, { "db": "VULMON", "id": "CVE-2020-24750" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "PACKETSTORM", "id": "159466" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "159661" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "id": "VAR-202009-1633", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-178660" } ], "trust": 0.01 }, "last_update_date": "2024-02-19T22:54:37.042000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2021-109", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b" }, { "title": "FasterXML jackson-databind Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129712" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204173 - security advisory" }, { "title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204264 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, 
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "CVE-2020-24750", "trust": 0.1, "url": "https://github.com/al1ex/cve-2020-24750 " }, { "title": "", "trust": 0.1, "url": "https://github.com/pctf/vulnerable-app " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-24750" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-178660" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://github.com/fasterxml/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20201009-0003/" }, { "trust": 1.7, "url": "https://github.com/fasterxml/jackson-databind/issues/2798" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": 
"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-jackson-databind-shipped-with-ibm-cloud-pak-system-cve-2020-24750/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159466/red-hat-security-advisory-2020-4173-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072820" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021426" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041931" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012315" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042318" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-8/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042534" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0616" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3449/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0691" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072725" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3631/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16935" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17546" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8492" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-17546" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4173" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4264" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-2974" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19126" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6829" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12403" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756" }, { "trust": 
0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11756" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12243" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5482" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2226" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2780" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5094" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2974" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2752" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20386" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2574" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14352" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12400" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-11727" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2225" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12825" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18190" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12402" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8696" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-12652" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12401" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2182" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11719" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.3/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8675" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14866" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-18190" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2224" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5188" }, { "trust": 
0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9283" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-2812" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhea-2020:5633" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8624" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9802" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9895" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8625" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-13225" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15165" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14382" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8812" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3899" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8819" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3867" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1971" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8808" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3902" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3900" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8566" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25211" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8820" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9807" }, { "trust": 
0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8769" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8811" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5635" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9862" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24659" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3885" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20916" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15157" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25658" }, { 
"trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8764" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3865" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1730" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3864" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14391" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15999" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3862" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3901" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3884" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3884" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1752" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8622" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3895" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11793" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9894" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8816" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3897" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9915" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8815" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10029" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8783" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13630" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14040" 
}, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8619" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13631" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8766" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3868" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8846" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3894" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3898" } ], "sources": [ { "db": "VULHUB", "id": "VHN-178660" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "PACKETSTORM", "id": "159466" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "159661" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-178660" }, { "db": "VULMON", "id": "CVE-2020-24750" }, { "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "db": "PACKETSTORM", "id": "159466" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "159661" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "db": "NVD", "id": "CVE-2020-24750" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-17T00:00:00", "db": "VULHUB", "id": 
"VHN-178660" }, { "date": "2020-09-17T00:00:00", "db": "VULMON", "id": "CVE-2020-24750" }, { "date": "2021-04-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "date": "2020-10-05T17:20:49", "db": "PACKETSTORM", "id": "159466" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2020-10-21T15:40:32", "db": "PACKETSTORM", "id": "159661" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-02-25T15:26:54", "db": "PACKETSTORM", "id": "161536" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2020-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "date": "2020-09-17T19:15:13.580000", "db": "NVD", "id": "CVE-2020-24750" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-12T00:00:00", "db": "VULHUB", "id": "VHN-178660" }, { "date": "2023-09-13T00:00:00", "db": "VULMON", "id": "CVE-2020-24750" }, { "date": "2021-04-02T05:20:00", "db": "JVNDB", "id": "JVNDB-2020-011430" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-1066" }, { "date": "2023-09-13T14:56:17.593000", "db": "NVD", "id": "CVE-2020-24750" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202009-1066" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011430" } ], 
"trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202008-1215">var-202008-1215</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). A code injection vulnerability exists in FasterXML jackson-databind. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Versions earlier than 2.9.10.6 in the FasterXML jackson-databind 2.x series have security vulnerabilities. 
Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202008-1215" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202008-1215"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202008-1215">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202008-1215", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "siebel ui framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "autovue for agile product 
lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.6" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "identity manager connector", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.5.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "blockchain platform", 
"scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.6" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008259" }, { "db": "NVD", "id": "CVE-2020-24616" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.6", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.1.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-24616" } ] }, "cve": "CVE-2020-24616", "cvss": { "@context": { 
"cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-008259", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-178512", "impactScore": 6.4, "integrityImpact": 
"PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-24616", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008259", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-24616", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-008259", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202008-1195", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-178512", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-24616", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": 
"VULHUB", "id": "VHN-178512" }, { "db": "VULMON", "id": "CVE-2020-24616" }, { "db": "JVNDB", "id": "JVNDB-2020-008259" }, { "db": "CNNVD", "id": "CNNVD-202008-1195" }, { "db": "NVD", "id": "CVE-2020-24616" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). FasterXML jackson-databind Exists in a code injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Versions earlier than 2.9.10.6 in the FasterXML jackson-databind 2.x series have security vulnerabilities. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements", "sources": [ { "db": "NVD", "id": "CVE-2020-24616" }, { "db": "JVNDB", "id": "JVNDB-2020-008259" }, { "db": "VULHUB", "id": "VHN-178512" }, { "db": "VULMON", "id": "CVE-2020-24616" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-24616", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2020-008259", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202008-1195", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.3558", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-48577", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-178512", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-24616", "trust": 0.1 } ], "sources": [ { 
"db": "VULHUB", "id": "VHN-178512" }, { "db": "VULMON", "id": "CVE-2020-24616" }, { "db": "JVNDB", "id": "JVNDB-2020-008259" }, { "db": "CNNVD", "id": "CNNVD-202008-1195" }, { "db": "NVD", "id": "CVE-2020-24616" } ] }, "id": "VAR-202008-1215", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-178512" } ], "trust": 0.01 }, "last_update_date": "2024-02-20T01:12:46.882000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Update Jackson-databind to 2.9.10.6 #902", "trust": 0.8, "url": "https://github.com/cryptonomic/conseil/issues/902" }, { "title": "FasterXML jackson-databind Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=127486" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "cve-2020-24616-poc", "trust": 0.1, "url": "https://github.com/kamimuka/cve-2020-24616-poc " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-24616" }, { "db": "JVNDB", "id": "JVNDB-2020-008259" }, { "db": "CNNVD", "id": "CNNVD-202008-1195" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "CWE-94", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-178512" }, { "db": "JVNDB", "id": "JVNDB-2020-008259" }, { "db": "NVD", "id": "CVE-2020-24616" } ] }, "references": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200904-0006/" }, { "trust": 1.7, "url": "https://github.com/fasterxml/jackson-databind/issues/2814" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24616" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-24616" }, { "trust": 0.7, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3558/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerability-cve-2020-24616-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to-v4-0/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-br-com-anteros-anteros-dbc-33951" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-fasterxml-jackson-databind-2/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" } ], "sources": [ { "db": "VULHUB", "id": "VHN-178512" }, { "db": "JVNDB", "id": "JVNDB-2020-008259" }, { "db": "CNNVD", "id": "CNNVD-202008-1195" }, { "db": "NVD", "id": "CVE-2020-24616" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-178512" }, { "db": "VULMON", "id": "CVE-2020-24616" }, { "db": "JVNDB", "id": "JVNDB-2020-008259" }, { "db": "CNNVD", "id": "CNNVD-202008-1195" }, { "db": "NVD", "id": "CVE-2020-24616" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-25T00:00:00", "db": "VULHUB", "id": "VHN-178512" }, { "date": "2020-08-25T00:00:00", "db": "VULMON", "id": "CVE-2020-24616" }, { "date": "2020-09-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008259" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202008-1195" }, { "date": "2020-08-25T18:15:11.133000", "db": "NVD", "id": "CVE-2020-24616" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-12T00:00:00", "db": "VULHUB", "id": "VHN-178512" }, { 
"date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-24616" }, { "date": "2020-09-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008259" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202008-1195" }, { "date": "2023-11-07T03:20:08.953000", "db": "NVD", "id": "CVE-2020-24616" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202008-1195" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Code injection vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008259" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202008-1195" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201907-0769">var-201907-0769</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. FasterXML jackson-databind Contains an information disclosure vulnerability.Information may be obtained. 
FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides data binding. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.9.2. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512</p> <hr /> <p>Debian Security Advisory DSA-4542-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond October 06, 2019 https://www.debian.org/security/faq</p> <hr /> <p>Package : jackson-databind CVE ID : CVE-2019-12384 CVE-2019-14439 CVE-2019-14540 CVE-2019-16335 CVE-2019-16942 CVE-2019-16943 Debian Bug : 941530 940498 933393 930750</p> <p>It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary files on the server. </p> <p>For the oldstable distribution (stretch), these problems have been fixed in version 2.8.6-1+deb9u6. </p> <p>For the stable distribution (buster), these problems have been fixed in version 2.9.8-3+deb10u1. </p> <p>We recommend that you upgrade your jackson-databind packages. 
</p> <p>For the detailed security status of jackson-databind please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jackson-databind</p> <p>Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/</p> <p>Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----</p> <p>iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl2ZpPgACgkQEL6Jg/PV nWTg1QgArRk3fUf/k14rPha6GlJnWtRu2tZli07NzxtebAI2Ra8vKHkv1F3xSBjx tnauaRmJXonoU7t1TU51O/F7xkxX10NXym3YyrJ4+5ac6OtGmstSkMW1CmEiS8Z7 RaQQqY8GTJe5VTjiPon+lvdxyoFIDbp3nUGj8sshrULtKQX3Bjc9dotXyu0M3/7o QjsFAOLpytx/nMS1O93rqHuO381plbaAi5EYgAPv737tV8lVH3li56FYTKRMVjEg BkBpkaDGWhqoYvTu4WviyCyon0V5PgtHuD8SkN/39QqiYoDCzfa0xPjZ3a44G0kR C6qF8E4WIw465wLrRLCuuybG6/ZrzA== =Gifd -----END PGP SIGNATURE----- . The purpose of this text-only errata is to inform you about the security issues fixed in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</p> </li> <li> <p>HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)</p> </li> <li> <p>HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</p> </li> <li> <p>HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)</p> </li> <li> <p>HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)</p> </li> <li> <p>HTTP/2: request for large response leads to denial of service (CVE-2019-9517)</p> </li> <li> <p>HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)</p> </li> <li> <p>infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)</p> </li> <li> <p>spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)</p> </li> <li> <p>jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)</p> </li> <li> <p>jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)</p> </li> <li> <p>xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)</p> </li> <li> <p>js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)</p> </li> <li> <p>logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)</p> </li> <li> <p>js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)</p> </li> <li> <p>apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)</p> </li> <li> <p>spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)</p> 
</li> <li> <p>undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)</p> </li> <li> <p>shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)</p> </li> <li> <p>jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814)</p> </li> </ul> <p>Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver 1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests 1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip 1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. 
1725807 - CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution 1728993 - CVE-2019-11272 spring-security-core: mishandling of user passwords allows logging in with a password of NULL 1730316 - CVE-2019-3802 spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 1752962 - CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI 1774726 - CVE-2019-12422 shiro: Cookie padding oracle vulnerability with default configuration 1775193 - CVE-2019-17570 xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Moderate: Red Hat AMQ Streams 1.3.0 release and security update Advisory ID: RHSA-2019:3200-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2019:3200 Issue date: 2019-10-24 Keywords: amq,messaging,integration CVE Names: CVE-2019-14439 CVE-2019-14540 CVE-2019-16335 CVE-2019-17267 
=====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer Portal. </p> <p>Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. </p> <p>This release of Red Hat AMQ Streams 1.3.0 serves as a replacement for Red Hat AMQ Streams 1.2.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. </p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)</p> </li> <li> <p>jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)</p> </li> <li> <p>jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)</p> </li> <li> <p>jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). 
</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2019-14439 https://access.redhat.com/security/cve/CVE-2019-14540 https://access.redhat.com/security/cve/CVE-2019-16335 https://access.redhat.com/security/cve/CVE-2019-17267 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.streams&downloadType=distributions&version=1.3.0 https://access.redhat.com/products/red-hat-amq#streams</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXbFsi9zjgjWX9erEAQjT6Q/+JDAvWImEvDZuahMo6spY5gcZgEn/A2KH 7JuCSBx+s0gW9NEIVp0emqW0dguTMmvQCqOhskE91kis6C9oJORlRPz7HqYaOGve 7pf0fwwQREb0VRYqXtXIYgQv+ugU+/m5bSaniSvO0S3iPLqdiANV/r7qoDqPPtOH dkVthpaYgtx7F4myG8DvVoAUzCfpxKsKdol/riYnp/rhmnEVrJAH5EuVbGtECj7p f4Qv+MSd2ebO0oDe9Lqjjv3bc7RTwdRsCZywfwHLQSC7S2vJyiXFGCtdS9fYBdgb obNjp8G+2hZ+prO0Xg+RfKeT6/3aUK5hmV/Az5Ip4AeP0a60WvBz+yhU5wd1WRX9 dxEb72pTG2r1ctHvYBTT3Qn2qB3fm0IRI9HfG7sRWtTXEGO2l9FN/zSDshockiJa jM26U3ePwqpcl6QAAe9HJBAzTcxw2Gf7ubyvmsizyueFddAmqOP+PnVqxMRntXrH A1sPw/Y06KATBUxkGpEY4KriJSiJU1Z2QmiAMlOa4Z+D5fAJh73BWZnLoYyPoLac jYg91xqmw2692d+ZAEmnBZRiWYY7IfqeesM+KzIuGYpsk2c8imXRv6/+KpqAW45l SgloiZiayL0WlYmF2+WUvhtH/lmzpfOnI96OJFruKHusAEVLgxj9kic5G02JteP+ hgNap4AeRy4= =W3XT -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201907-0769" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> <div class="btn-group" role="group"> <a role="button" class="btn btn-primary" data-bs-toggle="collapse" data-bs-target="#collapseJsonvar-201907-0769" 
btn-primary" title="Copy to clipboard" aria-label="Copy to clipboard" onclick="copyToClipboard('var-201907-0769')" vuln-id="var-201907-0769" href="#">To clipboard</a> </div> <div class="collapse" id="collapseJsonvar-201907-0769"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201907-0769">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0769", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "global lifecycle management opatch", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.0.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "retail customer management and segmentation foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.9.6" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.1" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "global lifecycle management opatch", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0.3.23" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "siebel ui framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.10" }, { "model": "retail xstore point of service", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "global lifecycle management opatch", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.1" }, { "model": "jboss middleware text-only advisories", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.9.2" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.3.0" }, { "model": "drill", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.16.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.19" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.4.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", 
"version": "2.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "30" }, { "model": "global lifecycle management opatch", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.1" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.3" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.5.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.11.4" }, { "model": "siebel engineering - installer \\\u0026 deployment", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.8" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.2" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "11.2.0.3.23" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.0" }, { "model": "goldengate stream analytics", "scope": "lt", "trust": 1.0, "vendor": 
"oracle", "version": "19.1.0.0.1" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.9.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 0.8, "vendor": "fasterxml", "version": "2.x" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007320" }, { "db": "NVD", "id": "CVE-2019-14439" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.9.2", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.9.6", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.11.4", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6.7.3", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.10", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.2.0.3.23", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.19", "versionStartIncluding": "12.2.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.9.4.2.1", "versionStartIncluding": "13.9.4.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "19.1.0.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\\u0026_deployment:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:13.9.4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:11.2.0.3.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-14439" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Debian,Red Hat", "sources": [ { "db": "CNNVD", "id": "CNNVD-201907-1500" } ], "trust": 0.6 }, "cve": "CVE-2019-14439", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-14439", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-146385", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": 
"3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-14439", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-14439", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201907-1500", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-146385", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-14439", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-146385" }, { "db": "VULMON", "id": "CVE-2019-14439" }, { "db": "JVNDB", "id": "JVNDB-2019-007320" }, { "db": "CNNVD", "id": "CNNVD-201907-1500" }, { "db": "NVD", "id": "CVE-2019-14439" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. FasterXML jackson-databind contains an information disclosure vulnerability. Information may be obtained. FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides the data-binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.9.2. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4542-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nOctober 06, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : jackson-databind\nCVE ID : CVE-2019-12384 CVE-2019-14439 CVE-2019-14540 CVE-2019-16335 \n CVE-2019-16942 CVE-2019-16943\nDebian Bug : 941530 940498 933393 930750\n\nIt was discovered that jackson-databind, a Java library used to parse\nJSON and other data formats, did not properly validate user input\nbefore attempting deserialization. This allowed an attacker providing\nmaliciously crafted input to perform code execution, or read arbitrary\nfiles on the server. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 2.8.6-1+deb9u6. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.9.8-3+deb10u1. \n\nWe recommend that you upgrade your jackson-databind packages. 
\n\nFor the detailed security status of jackson-databind please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/jackson-databind\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl2ZpPgACgkQEL6Jg/PV\nnWTg1QgArRk3fUf/k14rPha6GlJnWtRu2tZli07NzxtebAI2Ra8vKHkv1F3xSBjx\ntnauaRmJXonoU7t1TU51O/F7xkxX10NXym3YyrJ4+5ac6OtGmstSkMW1CmEiS8Z7\nRaQQqY8GTJe5VTjiPon+lvdxyoFIDbp3nUGj8sshrULtKQX3Bjc9dotXyu0M3/7o\nQjsFAOLpytx/nMS1O93rqHuO381plbaAi5EYgAPv737tV8lVH3li56FYTKRMVjEg\nBkBpkaDGWhqoYvTu4WviyCyon0V5PgtHuD8SkN/39QqiYoDCzfa0xPjZ3a44G0kR\nC6qF8E4WIw465wLrRLCuuybG6/ZrzA==\n=Gifd\n-----END PGP SIGNATURE-----\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. 
\n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to\ninvoke private methods (CVE-2019-10174)\n\n* spring-security-core: mishandling of user passwords allows logging in\nwith a password of NULL (CVE-2019-11272)\n\n* jackson-databind: failure to block the logback-core class from\npolymorphic deserialization leading to remote code execution\n(CVE-2019-12384)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* xmlrpc: Deserialization of server-side exception from faultCause in\nXMLRPC error response (CVE-2019-17570)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* logback: Serialization vulnerability in SocketServer and\nServerSocketReceiver (CVE-2017-5929)\n\n* js-jquery: XSS in responses from cross-origin ajax requests\n(CVE-2017-16012)\n\n* apache-commons-compress: ZipArchiveInputStream.read() fails to identify\ncorrect EOF allowing for DoS via crafted zip (CVE-2018-11771)\n\n* spring-data-api: potential information disclosure through maliciously\ncrafted example value in ExampleMatcher (CVE-2019-3802)\n\n* undertow: leak credentials to log files\nUndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* shiro: Cookie padding oracle vulnerability with default configuration\n(CVE-2019-12422)\n\n* 
jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server via crafted JSON message. \n\nInstallation instructions are available from the Fuse 7.6.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver\n1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests\n1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip\n1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. 
\n1725807 - CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution\n1728993 - CVE-2019-11272 spring-security-core: mishandling of user passwords allows logging in with a password of NULL\n1730316 - CVE-2019-3802 spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n1752962 - CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI\n1774726 - CVE-2019-12422 shiro: Cookie padding oracle vulnerability with default configuration\n1775193 - CVE-2019-17570 xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response\n\n5. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat AMQ Streams 1.3.0 release and security update\nAdvisory ID: RHSA-2019:3200-01\nProduct: Red Hat JBoss AMQ\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3200\nIssue date: 2019-10-24\nKeywords: amq,messaging,integration\nCVE Names: CVE-2019-14439 CVE-2019-14540 CVE-2019-16335 \n CVE-2019-17267 \n=====================================================================\n\n1. Summary:\n\nRed Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer\nPortal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.3.0 serves as a replacement for Red\nHat AMQ Streams 1.2.0, and includes security and bug fixes, and\nenhancements. For further information, refer to the release notes linked to\nin the References section. 
\n\nSecurity Fix(es):\n\n* jackson-databind: polymorphic typing issue related to\ncom.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: polymorphic typing issue related to\ncom.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: Polymorphic typing issue related to logback/JNDI\n(CVE-2019-14439)\n\n* jackson-databind: Serialization gadgets in classes of the ehcache package\n(CVE-2019-17267)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14439\nhttps://access.redhat.com/security/cve/CVE-2019-14540\nhttps://access.redhat.com/security/cve/CVE-2019-16335\nhttps://access.redhat.com/security/cve/CVE-2019-17267\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.streams\u0026downloadType=distributions\u0026version=1.3.0\nhttps://access.redhat.com/products/red-hat-amq#streams\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXbFsi9zjgjWX9erEAQjT6Q/+JDAvWImEvDZuahMo6spY5gcZgEn/A2KH\n7JuCSBx+s0gW9NEIVp0emqW0dguTMmvQCqOhskE91kis6C9oJORlRPz7HqYaOGve\n7pf0fwwQREb0VRYqXtXIYgQv+ugU+/m5bSaniSvO0S3iPLqdiANV/r7qoDqPPtOH\ndkVthpaYgtx7F4myG8DvVoAUzCfpxKsKdol/riYnp/rhmnEVrJAH5EuVbGtECj7p\nf4Qv+MSd2ebO0oDe9Lqjjv3bc7RTwdRsCZywfwHLQSC7S2vJyiXFGCtdS9fYBdgb\nobNjp8G+2hZ+prO0Xg+RfKeT6/3aUK5hmV/Az5Ip4AeP0a60WvBz+yhU5wd1WRX9\ndxEb72pTG2r1ctHvYBTT3Qn2qB3fm0IRI9HfG7sRWtTXEGO2l9FN/zSDshockiJa\njM26U3ePwqpcl6QAAe9HJBAzTcxw2Gf7ubyvmsizyueFddAmqOP+PnVqxMRntXrH\nA1sPw/Y06KATBUxkGpEY4KriJSiJU1Z2QmiAMlOa4Z+D5fAJh73BWZnLoYyPoLac\njYg91xqmw2692d+ZAEmnBZRiWYY7IfqeesM+KzIuGYpsk2c8imXRv6/+KpqAW45l\nSgloiZiayL0WlYmF2+WUvhtH/lmzpfOnI96OJFruKHusAEVLgxj9kic5G02JteP+\nhgNap4AeRy4=\n=W3XT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-14439" }, { "db": "JVNDB", "id": "JVNDB-2019-007320" }, { "db": "VULHUB", "id": "VHN-146385" }, { "db": "VULMON", "id": "CVE-2019-14439" }, { "db": "PACKETSTORM", "id": "154744" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "154966" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-14439", "trust": 2.9 }, { "db": "JVNDB", "id": "JVNDB-2019-007320", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201907-1500", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "154744", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156941", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.4588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3734", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1440", "trust": 0.6 }, { "db": "AUSCERT", "id": 
"ESB-2019.3074", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1076", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0381", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4323", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48753", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "154966", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-146385", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-14439", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-146385" }, { "db": "VULMON", "id": "CVE-2019-14439" }, { "db": "JVNDB", "id": "JVNDB-2019-007320" }, { "db": "PACKETSTORM", "id": "154744" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "154966" }, { "db": "CNNVD", "id": "CNNVD-201907-1500" }, { "db": "NVD", "id": "CVE-2019-14439" } ] }, "id": "VAR-201907-0769", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-146385" } ], "trust": 0.01 }, "last_update_date": "2024-02-12T22:34:26.362000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Backport #2387, #2389 fixes", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b" }, { "title": "Comparing changes", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { "title": "Block one more gadget type (logback CVE-2019-14439) #2389", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2389" }, { "title": "FasterXML jackson-databind Security vulnerabilities", "trust": 0.6, "url": 
"http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95622" }, { "title": "Red Hat: Moderate: Red Hat AMQ Streams 1.3.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193200 - security advisory" }, { "title": "Debian Security Advisories: DSA-4542-1 jackson-databind -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=f31b1db7c71765499d60aaac6a033d4d" }, { "title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200983 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-109" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "CVE-2019-14439", "trust": 0.1, "url": "https://github.com/jas502n/cve-2019-14439 " }, { "title": "commons\nReleases\nDevelopment tools", "trust": 0.1, "url": "https://github.com/heike2718/commons " }, { "title": "Update: this project was discontinued due to Covid-19, that lead to a shift in priorities.\nMy process\nReferences and links I use", "trust": 0.1, "url": "https://github.com/galimba/jackson-deserialization-poc " }, { "title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring", "trust": 0.1, "url": "https://github.com/ilmari666/cybsec " }, { "title": "PHunter", "trust": 0.1, "url": "https://github.com/anonymous-phunter/phunter " }, { 
"title": "PHunter", "trust": 0.1, "url": "https://github.com/cgcl-codes/phunter " }, { "title": "PoC in GitHub", "trust": 0.1, "url": "https://github.com/developer3000s/poc-in-github " }, { "title": "PoC in GitHub", "trust": 0.1, "url": "https://github.com/hectorgie/poc-in-github " }, { "title": "PoC in GitHub", "trust": 0.1, "url": "https://github.com/0xt11/cve-poc " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-14439" }, { "db": "JVNDB", "id": "JVNDB-2019-007320" }, { "db": "CNNVD", "id": "CNNVD-201907-1500" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "CWE-200", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-146385" }, { "db": "JVNDB", "id": "JVNDB-2019-007320" }, { "db": "NVD", "id": "CVE-2019-14439" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://www.debian.org/security/2019/dsa-4542" }, { "trust": 2.4, "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" }, { "trust": 2.0, "url": "https://access.redhat.com/errata/rhsa-2019:3200" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2019/oct/6" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190814-0001/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2389" }, { "trust": 1.8, "url": 
"https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "trust": 1.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14439" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3cdev.struts.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3cdev.tomee.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3ccommits.cassandra.apache.org%3e" }, { "trust": 1.1, "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3ccommits.nifi.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3ccommits.nifi.apache.org%3e" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14439" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ovrzdn2t6az6djczj3vsiqivhbvmvwbl/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/txrvxnrfhjsqwfhprjqri5upmz63b544/" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3ccommits.cassandra.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3ccommits.nifi.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3ccommits.nifi.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3cdev.struts.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3cdev.tomee.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3cdev.tomee.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3cdev.tomee.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3cdev.tomee.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3cdev.tomee.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3cdev.tomee.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3cdev.tomee.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3cdev.tomee.apache.org%3e" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1118283" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1086039" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1285282" 
}, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3074/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48753" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1074897" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4588/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4323/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/154744/debian-security-advisory-4542-1.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3734/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/jackson-databind-information-disclosure-via-polymorphic-typing-30022" }, { "trust": 0.6, "url": "https://supportcontent.ibm.com/support/pages/node/1079409" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0381/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1106763" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.1440/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-2/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1125345" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2019-16943-cve-2019-16942-cve-2019-17531-cve-2019-17267-cve-2019-14540-cve-2019-163/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14439" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/jas502n/cve-2019-14439" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/jackson-databind" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, 
"url": "https://access.redhat.com/security/cve/cve-2015-9251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5427" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9517" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5929" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9516" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11272" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17570" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17570" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.6.0" }, { 
"trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5929" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-15756" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15756" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-16012" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12384" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11272" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3802" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16012" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:0983" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/products/red-hat-amq#streams" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.streams\u0026downloadtype=distributions\u0026version=1.3.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17267" } ], "sources": [ { "db": "VULHUB", "id": "VHN-146385" }, { "db": "VULMON", "id": "CVE-2019-14439" }, { "db": "JVNDB", "id": "JVNDB-2019-007320" }, { "db": "PACKETSTORM", "id": "154744" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "154966" }, { "db": "CNNVD", "id": "CNNVD-201907-1500" }, { "db": "NVD", "id": "CVE-2019-14439" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-146385" }, { "db": "VULMON", "id": "CVE-2019-14439" }, { "db": "JVNDB", "id": "JVNDB-2019-007320" }, { "db": "PACKETSTORM", "id": "154744" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "154966" }, { "db": "CNNVD", "id": "CNNVD-201907-1500" }, { "db": "NVD", "id": "CVE-2019-14439" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-30T00:00:00", "db": "VULHUB", "id": "VHN-146385" }, { "date": "2019-07-30T00:00:00", "db": "VULMON", "id": "CVE-2019-14439" }, { "date": "2019-08-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007320" }, { "date": "2019-10-07T14:37:34", "db": "PACKETSTORM", "id": "154744" }, { "date": "2020-03-27T13:16:40", "db": "PACKETSTORM", "id": "156941" }, { "date": "2019-10-24T18:54:01", "db": "PACKETSTORM", "id": "154966" }, { "date": "2019-07-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-1500" }, { "date": "2019-07-30T11:15:11.123000", "db": "NVD", "id": "CVE-2019-14439" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-28T00:00:00", "db": "VULHUB", "id": "VHN-146385" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2019-14439" }, { "date": "2019-08-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007320" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-1500" }, { "date": "2023-11-07T03:04:55.457000", "db": "NVD", "id": "CVE-2019-14439" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201907-1500" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Vulnerable to information disclosure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007320" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201907-1500" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202101-1932">var-202101-1932</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. 
FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request 
forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red 
Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202101-1932" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202101-1932"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202101-1932">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1932", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, 
{ "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.3" 
}, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter signaling route", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications diameter signaling route", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, 
"vendor": "oracle", "version": "8.2.0.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": 
"oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "NVD", "id": "CVE-2020-36180" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", 
"versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36180" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ], "trust": 0.8 }, "cve": "CVE-2020-36180", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36180", 
"impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381447", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-36180", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36180", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-326", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381447", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36180", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { 
"db": "VULHUB", "id": "VHN-381447" }, { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "NVD", "id": "CVE-2020-36180" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained, information may be tampered with, and a denial of service (DoS) may result. Exploitation requires that the application deserializes untrusted JSON with polymorphic type handling enabled and has the named gadget class on its classpath. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. 
See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-36180" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-381447" }, { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36180", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002836", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-326", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381447", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36180", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381447" }, { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": 
"NVD", "id": "CVE-2020-36180" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "id": "VAR-202101-1932", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381447" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:46:04.797000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTAP-20210205-0005", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138933" }, { "title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "CVE-2020-36179", "trust": 0.1, "url": "https://github.com/al1ex/cve-2020-36179 " }, { "title": "Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "JVNDB", 
"id": "JVNDB-2021-002836" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381447" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "NVD", "id": "CVE-2020-36180" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "trust": 1.8, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/3004" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6455267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://github.com/al1ex/cve-2020-36179" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381447" }, { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36180" }, { "db": 
"CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381447" }, { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36180" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-07T00:00:00", "db": "VULHUB", "id": "VHN-381447" }, { "date": "2021-01-07T00:00:00", "db": "VULMON", "id": "CVE-2020-36180" }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-01-07T00:15:14.913000", "db": "NVD", "id": "CVE-2020-36180" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-02T00:00:00", "db": "VULHUB", "id": "VHN-381447" }, { "date": "2022-09-02T00:00:00", "db": "VULMON", "id": "CVE-2020-36180" }, { "date": "2021-10-06T01:05:00", "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "date": "2023-09-13T14:56:32.590000", "db": "NVD", "id": "CVE-2020-36180" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "threat_type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-326" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Untrusted Data Deserialization Vulnerability in FasterXML\u00a0jackson-databind", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002836" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1779">var-202003-1779</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x prior to 2.9.10.4 due to insecure deserialization by org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aries.transaction.jms) . A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. 
Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>Security Fix(es):</p> <ul> <li> <p>apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)</p> </li> <li> <p>cxf: does not restrict the number of message attachments (CVE-2019-12406)</p> </li> <li> <p>cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)</p> </li> <li> <p>hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)</p> </li> <li> <p>HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</p> </li> <li> <p>HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</p> </li> <li> <p>HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)</p> </li> <li> <p>HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)</p> </li> <li> <p>jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)</p> </li> 
<li> <p>keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)</p> </li> <li> <p>keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)</p> </li> <li> <p>keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)</p> </li> <li> <p>keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)</p> </li> <li> <p>keycloak: cross-realm user access auth bypass (CVE-2019-14832)</p> </li> <li> <p>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</p> </li> <li> <p>SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)</p> </li> <li> <p>thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li> <li> <p>thrift: Endless loop when feed with specific input data (CVE-2019-0205)</p> </li> <li> <p>undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)</p> </li> <li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)</p> </li> <li> <p>xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)</p> </li> </ul> <p>For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. You must be logged in to download the update. Solution:</p> <p>Before applying this update, ensure all previously released errata relevant to your system have been applied. 
</p> <p>For details about how to apply this update, see:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. 
JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001</p> <ol> <li> <p>Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> </li> <li> <p>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> </li> </ol> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat Data Grid 7.3.7 security update Advisory ID: RHSA-2020:3779-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:3779 Issue date: 2020-09-17 CVE Names: CVE-2017-7658 CVE-2019-10172 CVE-2020-1695 CVE-2020-1710 CVE-2020-1719 CVE-2020-1745 CVE-2020-1748 CVE-2020-1757 CVE-2020-8840 CVE-2020-9488 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10672 CVE-2020-10673 CVE-2020-10714 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11612 CVE-2020-11619 CVE-2020-11620 ==================================================================== 1. Summary:</p> <p>An update for Red Hat Data Grid is now available. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. </p> <p>This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. </p> <p>Security Fix(es):</p> <ul> <li> <p>jetty: Incorrect header handling (CVE-2017-7658)</p> </li> <li> <p>EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)</p> </li> <li> <p>undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)</p> </li> <li> <p>undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)</p> </li> <li> <p>jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)</p> </li> <li> <p>jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)</p> </li> <li> <p>jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)</p> </li> <li> <p>jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)</p> </li> <li> <p>jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)</p> </li> <li> <p>jackson-databind: Serialization gadgets in 
org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)</p> </li> <li> <p>jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)</p> </li> <li> <p>jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)</p> </li> <li> <p>Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)</p> </li> <li> <p>Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)</p> </li> <li> <p>wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)</p> </li> <li> <p>netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)</p> </li> <li> <p>log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. </li> <li>Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. </li> <li>Install the Data Grid 7.3.7 server patch. 
Refer to the 7.3 Release Notes for patching instructions. </li> <li> <p>Restart Data Grid to ensure the changes take effect. </p> </li> <li> <p>Bugs fixed (https://bugzilla.redhat.com/):</p> </li> </ol> <p>1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 
1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2017-7658 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/cve/CVE-2020-11612 
https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-11620 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn NVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8 5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A qaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm GisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn aCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G DvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7 MB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9 Pf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j wzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq P2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb PyKX8lLP6w8=n+2X -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 
Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1779" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202003-1779"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1779">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id":
"https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1779", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of 
service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "21.0.2" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, 
"vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, 
"vendor": "oracle", "version": "12.2.1.3.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10672" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": 
[], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10672" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" } ], "trust": 1.3 }, "cve": "CVE-2020-10672", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", 
"author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163174", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-10672", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10672", "trust": 1.0, "value": "HIGH" }, { "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-10672", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202003-1150", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163174", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-10672", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163174" }, { "db": "VULMON", "id": "CVE-2020-10672" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "db": "NVD", "id": "CVE-2020-10672" }, { "db": "NVD", "id": "CVE-2020-10672" } ] }, "description": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides data binding. A security vulnerability exists in FasterXML jackson-databind 2.x prior to 2.9.10.4 due to insecure deserialization involving org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aries.transaction.jms). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. 
\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current 
threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. You must be logged in to download the update. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17\nJBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21\nJBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final\nJBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final\nJBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. 
Exclusion of dependency from xom.io7m\nJBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x\nJBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final\nJBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1\nJBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001\nJBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001\nJBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6\nJBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. \nJBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001\nJBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6\nJBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001\nJBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001\nJBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final\nJBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final\nJBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001\n\n7. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Data Grid 7.3.7 security update\nAdvisory ID: RHSA-2020:3779-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3779\nIssue date: 2020-09-17\nCVE Names: CVE-2017-7658 CVE-2019-10172 CVE-2020-1695\n CVE-2020-1710 CVE-2020-1719 CVE-2020-1745\n CVE-2020-1748 CVE-2020-1757 CVE-2020-8840\n CVE-2020-9488 CVE-2020-9546 CVE-2020-9547\n CVE-2020-9548 CVE-2020-10672 CVE-2020-10673\n CVE-2020-10714 CVE-2020-10968 CVE-2020-10969\n CVE-2020-11111 CVE-2020-11112 CVE-2020-11113\n CVE-2020-11612 CVE-2020-11619 CVE-2020-11620\n====================================================================\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. 
\n\nSecurity Fix(es):\n\n* jetty: Incorrect header handling (CVE-2017-7658)\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop\n(CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n(CVE-2020-11620)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* Wildfly: EJBContext principal is not popped 
back after invoking another\nEJB using a different Security Domain (CVE-2020-1719)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer\nallocation sizes (CVE-2020-11612)\n\n* log4j: improper validation of certificate with host mismatch in SMTP\nappender (CVE-2020-9488)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - 
CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-7658\nhttps://access.redhat.com/security/cve/CVE-2019-10172\nhttps://access.redhat.com/security/cve/CVE-2020-1695\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1719\nhttps://access.redhat.com/security/cve/CVE-2020-1745\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-1757\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9488\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/cve/CVE-2020-11612\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-11620\nhttps://access.redhat.com/security/updates/classif
ication/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn\nNVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8\n5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A\nqaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm\nGisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn\naCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G\nDvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7\nMB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9\nPf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j\nwzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq\nP2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb\nPyKX8lLP6w8=n+2X\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 
Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications", "sources": [ { "db": "NVD", "id": "CVE-2020-10672" }, { "db": "VULHUB", "id": "VHN-163174" }, { "db": "VULMON", "id": "CVE-2020-10672" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10672", "trust": 2.5 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158916", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159083", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158891", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202003-1150", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1882", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2837", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1040", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3065", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "157859", "trust": 0.6 }, { "db": "NSFOCUS", "id": 
"48048", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158884", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "158889", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159082", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159080", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158881", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163174", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-10672", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163174" }, { "db": "VULMON", "id": "CVE-2020-10672" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "db": "NVD", "id": "CVE-2020-10672" } ] }, "id": "VAR-202003-1779", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163174" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:23:59.719000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FasterXML jackson-databind Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112628" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203461 - security 
advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203463 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203462 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203464 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.4.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203501 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203638 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203642 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203637 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203639 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security 
update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory" }, { "title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-10672" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10672" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2659" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.7, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158636/red-hat-security-advisory-2020-3192-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2837/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48048" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1882/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2826/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1040/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-privilege-escalation-via-xapooledconnectionfactory-31849" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3065/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.4, "url": 
"https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10683" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10687" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10740" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10718" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.3, "url": "https://issues.jboss.org/):" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297" }, { "trust": 0.3, "url": 
"https://access.redhat.com/security/cve/cve-2020-14297" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14900" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:3461" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.2, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14307" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, 
{ "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3462" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2020:3779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10758" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10758" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3501" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1728" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6950" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3638" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163174" }, { "db": "VULMON", "id": 
"CVE-2020-10672" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "db": "NVD", "id": "CVE-2020-10672" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163174" }, { "db": "VULMON", "id": "CVE-2020-10672" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "db": "NVD", "id": "CVE-2020-10672" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "VULHUB", "id": "VHN-163174" }, { "date": "2020-03-18T00:00:00", "db": "VULMON", "id": "CVE-2020-10672" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-08-17T17:34:41", "db": "PACKETSTORM", "id": "158884" }, { "date": "2020-08-17T17:43:07", "db": "PACKETSTORM", "id": "158889" }, { "date": "2020-09-17T14:07:40", "db": "PACKETSTORM", "id": "159208" }, { "date": "2020-08-19T16:44:13", "db": "PACKETSTORM", "id": "158916" }, { "date": "2020-09-07T16:39:28", "db": "PACKETSTORM", "id": "159082" }, { "date": "2020-03-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "date": "2020-03-18T22:15:12.313000", "db": "NVD", "id": "CVE-2020-10672" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-07T00:00:00", "db": "VULHUB", "id": "VHN-163174" }, { "date": "2021-12-07T00:00:00", "db": "VULMON", "id": "CVE-2020-10672" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "date": "2024-07-03T01:36:05.477000", "db": "NVD", "id": "CVE-2020-10672" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1150" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1150" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202203-1400">var-202203-1400</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. The purpose of this text-only errata is to inform you about the security issues fixed in this release. 
Description:</p> <p>Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. </p> <p>Security Fix(es):</p> <ul> <li> <p>chart.js: prototype pollution (CVE-2020-7746)</p> </li> <li> <p>moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)</p> </li> <li> <p>immer: in versions before 9.0.6, a type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)</p> </li> <li> <p>artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)</p> </li> <li> <p>Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)</p> </li> <li> <p>cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)</p> </li> <li> <p>jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)</p> </li> <li> <p>jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)</p> </li> <li> <p>jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)</p> </li> <li> <p>Moment.js: Path traversal in moment.locale (CVE-2022-24785)</p> </li> <li> <p>org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)</p> </li> <li> <p>org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)</p> </li> <li> <p>parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)</p> </li> <li> <p>xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)</p> </li> <li> <p>eventsource: Exposure of Sensitive Information (CVE-2022-1650)</p> </li> <li> <p>mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols 
to compromise MySQL Connectors (CVE-2022-21363)</p> </li> <li> <p>node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)</p> </li> <li> <p>node-forge: Signature verification failing to check trailing garbage bytes can lead to signature forgery (CVE-2022-24772)</p> </li> <li> <p>node-forge: Signature verification leniency in checking <code>digestAlgorithm</code> structure can lead to signature forgery (CVE-2022-24771)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:</p> <p>For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>Red Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process. </p> <p>The References section of this erratum contains a download link. You must log in to download the update. 
Bugs fixed (https://bugzilla.redhat.com/):</p> <p>2041833 - CVE-2021-23436 immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2066009 - CVE-2021-44906 minimist: prototype pollution 2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking <code>digestAlgorithm</code> structure can lead to signature forgery 2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2096966 - CVE-2020-7746 chart.js: prototype pollution 2103584 - CVE-2022-0722 parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2107994 - CVE-2022-2458 Business-central: Possible XML External Entity Injection attack</p> <ol> <li>Description:</li> </ol> <p>Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single 
sign-on capabilities for web and mobile applications. Solution:</p> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown 2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2101942 - CVE-2022-2256 keycloak: improper input validation permits script injection 2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console</p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Enterprise Linux AppStream (v. 9) - noarch</p> <ol> <li>Description:</li> </ol> <p>Jackson is a suite of data-processing tools for Java, including the flagship streaming JSON parser / generator library, matching data-binding library, and additional modules to process data encoded in various other data formats. </p> <p>Additional Changes:</p> <p>For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. Solution:</p> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Enterprise Linux AppStream (v. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Moderate: Red Hat Data Grid 8.3.1 security update Advisory ID: RHSA-2022:2232-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:2232 Issue date: 2022-05-12 CVE Names: CVE-2020-36518 CVE-2021-38153 CVE-2022-0084 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for Red Hat Data Grid is now available. </p> <p>Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. </p> <p>Data Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and enhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3]. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: denial of service via a large depth of nested objects [jdg-8] (CVE-2020-36518)</p> </li> <li> <p>kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients [jdg-8] (CVE-2021-38153)</p> </li> <li> <p>xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [jdg-8] (CVE-2022-0084)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 8.3.1 Server patch from the customer portal[²]. </li> <li>Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. </li> <li>Install the Data Grid 8.3.1 Server patch. </li> <li>Restart Data Grid to ensure the changes take effect. </li> </ol> <p>For more information about Data Grid 8.3.1, refer to the 8.3.1 Release Notes[³]</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-38153 https://access.redhat.com/security/cve/CVE-2022-0084 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=8.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index</p> <ol> 
<li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYn0zH9zjgjWX9erEAQhZLw/+JPEE+waFwwS+b4v4/LLIwTjtFhXPqZYP WArn7i/vjG6ktOsZU397wdlik4Sv+tmPVX+aElmXLnTALJiOsm7iWjEjuT8qPhqt c2V9xN6vEQC7V1IXdwbUQwlkt3r40XbfhsGc4KKHjA8J5fWECwkByM5ofQ4j59jO lxpIPa5yRjCV8/4p7lKAXFYMeBInZtb8i4c7pYVnA9Eq+o2bRpV9P3/ES9q8xGF8 yVBC1Gt/fDZlmDznxlzUEih4HMxmW1uwQhZFHbw6jp6D0bYCn1wWrC6y7FYUmRJ6 /13BnHV27naz+xBGuSA6EB+AKmzlA85NyIimN2h63AT8VJb2IYv0vM2JMb0JRdK0 8SAE6hYmjodKxVcqANsBRiiea3vR9GTLN71zCXP8Pmk0dsI1GK29s574QuxUpKSQ YY8vXaL0K3j35IsGzmr7AvlYCQr1d3GPFaTnnj3XK+asRDMDrFvw8sCsNjLGRgHI dzZdcjpnIi3DXsp3ic1qRbZHpd9C/3o1r7hU++/nkkNNKXjGmzU+EAutaVHXxgLO XyuIIScDVb5kNrBpH5krzqU2TA31TFz0RGN5Am6vm8zc5rGyW7iMijAAreU8icgn Vt6KDpeDYuTffOBgo9WLR7kmo4xq7w94e1rDFxmGhL2OlsJI7S9gTxMhn/lONxTy IZnZKy4mPpA= =6Kqs -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. 
LOG-3252 - [release-5.4]Adding Valid Subscription Annotation</p> <p>6</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202203-1400" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a>
<div class="collapse" id="collapseJsonvar-202203-1400"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202203-1400">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1400", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.6.0" }, { "model": "financial services trade-based anti money laundering", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "communications cloud native core console", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.9.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.20.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.3.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.25.4" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.2.0" }, { "model": "financial services trade-based 
anti money laundering", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "global lifecycle management nextgen oui framework", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.5.0" }, { "model": "financial services behavior detection platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "big data spatial and graph", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "23.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, 
"vendor": "oracle", "version": "20.12.18" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.13.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.12.6.1" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12.1" }, { "model": "coherence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.2" }, { "model": "financial services crime and compliance management studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.5.0" }, { "model": "communications cloud native core service communication proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "communications cloud native core binding support function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.3" }, { "model": "communications cloud native core security edge protection proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.1" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.13.2.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.1" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, 
{ "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "financial services behavior detection platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.1" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.30" }, { "model": "financial services crime and compliance management studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.3.0" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.14" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0.0" }, { "model": "financial services enterprise case management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "primavera unifier", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "communications billing and revenue management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.6.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.19.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.0" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.0.0" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "21.12.0" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "health sciences empirica signal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1.0.5.2" }, { "model": "spatial studio", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "20.1.0" }, { "model": "cloud insights acquisition unit", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "financial services enterprise case management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "graph server and client", "scope": "lt", "trust": 1.0, "vendor": "oracle", 
"version": "22.2.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0.0" }, { "model": "global lifecycle management nextgen oui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.13" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12.4.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36518" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.6.1", "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.13.2.1", "versionStartIncluding": "2.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "23.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.0.6.0", "versionStartIncluding": "12.0.0.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndExcluding": "13.9.4.2.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.2.1", "versionStartIncluding": "8.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.18", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.13", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12.1", "versionStartIncluding": "21.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.14", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.2.1", "versionStartIncluding": "8.1.1.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.25.4", "versionStartIncluding": "18.8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.19.0", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0.0", "versionStartIncluding": "8.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12.4.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.20.4", "versionStartIncluding": "17.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.30", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "22.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36518" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" } ], "trust": 0.9 }, "cve": "CVE-2020-36518", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": 
{ "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-415522", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36518", "trust": 1.0, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-415522", "trust": 0.1, "value": "MEDIUM" } ] } ], 
"sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. 
A type confusion vulnerability can lead to a\nbypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack\n(CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized\nActor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects\n(CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability\n(CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin\nClasses (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution\n(CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution\n(CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in\nGitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML\ndocument payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes\ncan lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm`\nstructure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. 
Solution:\n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nRed Hat recommends that you halt the server by stopping the JBoss\nApplication Server process before installing this update. After installing\nthe update, restart the server by starting the JBoss Application Server\nprocess. \n\nThe References section of this erratum contains a download link. You must\nlog in to download the update. Bugs fixed (https://bugzilla.redhat.com/):\n\n2041833 - CVE-2021-23436 immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads\n2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors\n2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes\n2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS\n2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2066009 - CVE-2021-44906 minimist: prototype pollution\n2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery\n2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery\n2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale\n2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor\n2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive 
Information\n2096966 - CVE-2020-7746 chart.js: prototype pollution\n2103584 - CVE-2022-0722 parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2107994 - CVE-2022-2458 Business-central: Possible XML External Entity Injection attack\n\n5. Description:\n\nRed Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2039403 - CVE-2021-42392 h2: Remote Code Execution in Console\n2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown\n2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2101942 - CVE-2022-2256 keycloak: improper input validation permits script injection\n2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console\n\n6. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - noarch\n\n3. Description:\n\nJackson is a suite of data-processing tools for Java, including the\nflagship streaming JSON parser / generator library, matching data-binding\nlibrary, and additional modules to process data encoded in various other\ndata formats. 
\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Data Grid 8.3.1 security update\nAdvisory ID: RHSA-2022:2232-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2232\nIssue date: 2022-05-12\nCVE Names: CVE-2020-36518 CVE-2021-38153 CVE-2022-0084 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n \nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3]. 
\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects\n[jdg-8] (CVE-2020-36518)\n\n* kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka\nConnect and Clients [jdg-8] (CVE-2021-38153)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of\nstderr [jdg-8] (CVE-2022-0084)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.3.1 Server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.3.1 Server patch. \n4. Restart Data Grid to ensure the changes take effect. \n\nFor more information about Data Grid 8.3.1, refer to the 8.3.1 Release\nNotes[\u00b3]\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-36518\nhttps://access.redhat.com/security/cve/CVE-2021-38153\nhttps://access.redhat.com/security/cve/CVE-2022-0084\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=8.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYn0zH9zjgjWX9erEAQhZLw/+JPEE+waFwwS+b4v4/LLIwTjtFhXPqZYP\nWArn7i/vjG6ktOsZU397wdlik4Sv+tmPVX+aElmXLnTALJiOsm7iWjEjuT8qPhqt\nc2V9xN6vEQC7V1IXdwbUQwlkt3r40XbfhsGc4KKHjA8J5fWECwkByM5ofQ4j59jO\nlxpIPa5yRjCV8/4p7lKAXFYMeBInZtb8i4c7pYVnA9Eq+o2bRpV9P3/ES9q8xGF8\nyVBC1Gt/fDZlmDznxlzUEih4HMxmW1uwQhZFHbw6jp6D0bYCn1wWrC6y7FYUmRJ6\n/13BnHV27naz+xBGuSA6EB+AKmzlA85NyIimN2h63AT8VJb2IYv0vM2JMb0JRdK0\n8SAE6hYmjodKxVcqANsBRiiea3vR9GTLN71zCXP8Pmk0dsI1GK29s574QuxUpKSQ\nYY8vXaL0K3j35IsGzmr7AvlYCQr1d3GPFaTnnj3XK+asRDMDrFvw8sCsNjLGRgHI\ndzZdcjpnIi3DXsp3ic1qRbZHpd9C/3o1r7hU++/nkkNNKXjGmzU+EAutaVHXxgLO\nXyuIIScDVb5kNrBpH5krzqU2TA31TFz0RGN5Am6vm8zc5rGyW7iMijAAreU8icgn\nVt6KDpeDYuTffOBgo9WLR7kmo4xq7w94e1rDFxmGhL2OlsJI7S9gTxMhn/lONxTy\nIZnZKy4mPpA=\n=6Kqs\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. 
\nLOG-3252 - [release-5.4]Adding Valid Subscription Annotation\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2020-36518" }, { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" } ], "trust": 1.8 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-415522", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36518", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "169920", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169728", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168333", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169725", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "167157", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169729", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168631", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168646", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170179", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170602", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167842", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167841", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170162", "trust": 0.1 }, { "db": "PACKETSTORM", "id": 
"169727", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167579", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169926", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167422", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167423", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167523", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167424", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-415522", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168638", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "172220", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "id": "VAR-202203-1400", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-415522" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T22:05:19.247000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": 
"https://security.netapp.com/advisory/ntap-20220506-0004/" }, { "trust": 1.1, "url": "https://www.debian.org/security/2022/dsa-5283" }, { "trust": 1.1, "url": "https://github.com/fasterxml/jackson-databind/issues/2816" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-36518" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.9, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0084" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-0084" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0225" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2668" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-0866" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-2668" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-43797" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-0225" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42392" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0866" }, { "trust": 0.4, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-42392" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-38153" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38153" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22137" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27223" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22132" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28164" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28165" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-40690" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2471" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20289" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3520" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-2471" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28163" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2021-20289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27223" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22137" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23913" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23437" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-31129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21724" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23436" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7746" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0722" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0235" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23436" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1365" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1650" }, { 
"trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23437" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23913" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2458" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21363" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2458" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21724" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0722" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1650" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2256" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2256" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6782" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:2312" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7410" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7409" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7411" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.grid\u0026downloadtype=securitypatches\u0026version=8.3" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:2232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35525" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22624" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22662" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42004" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7435" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2509" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26710" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2022-32149" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1304" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-3515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42003" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30293" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26716" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22628" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22629" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26700" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26717" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-37434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-40674" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35527" } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { 
"db": "NVD", "id": "CVE-2020-36518" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-11T00:00:00", "db": "VULHUB", "id": "VHN-415522" }, { "date": "2022-09-09T16:15:16", "db": "PACKETSTORM", "id": "168333" }, { "date": "2022-10-06T12:37:43", "db": "PACKETSTORM", "id": "168638" }, { "date": "2022-10-05T14:27:31", "db": "PACKETSTORM", "id": "168631" }, { "date": "2023-05-09T15:20:56", "db": "PACKETSTORM", "id": "172220" }, { "date": "2022-11-04T13:44:06", "db": "PACKETSTORM", "id": "169729" }, { "date": "2022-11-04T13:43:56", "db": "PACKETSTORM", "id": "169728" }, { "date": "2022-11-04T13:43:17", "db": "PACKETSTORM", "id": "169725" }, { "date": "2022-05-12T16:34:47", "db": "PACKETSTORM", "id": "167157" }, { "date": "2022-11-17T13:23:05", "db": "PACKETSTORM", "id": "169920" }, { "date": "2022-03-11T07:15:07.800000", "db": "NVD", "id": "CVE-2020-36518" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-11-29T00:00:00", "db": "VULHUB", "id": "VHN-415522" }, { "date": "2022-11-29T22:12:38.183000", "db": "NVD", "id": "CVE-2020-36518" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2022-6407-01", "sources": [ { "db": "PACKETSTORM", "id": "168333" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution, xss", "sources": [ { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" } ], "trust": 0.4 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202101-1936">var-202101-1936</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and a denial of service (DoS) may result. Gadget issues of this kind are generally reachable only when polymorphic type handling is enabled for untrusted JSON and the named class is on the application's classpath, so both conditions are worth checking when triaging exposure. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. 
See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 
References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202101-1936" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202101-1936"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202101-1936">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1936", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, 
{ "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.3" 
}, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter signaling route", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications diameter signaling route", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, 
"vendor": "oracle", "version": "8.2.0.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": 
"oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015590" }, { "db": "NVD", "id": "CVE-2020-36186" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", 
"versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36186" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202101-333" } ], "trust": 0.8 }, "cve": "CVE-2020-36186", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36186", 
"impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381453", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-36186", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36186", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-333", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381453", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36186", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { 
"db": "VULHUB", "id": "VHN-381453" }, { "db": "VULMON", "id": "CVE-2020-36186" }, { "db": "JVNDB", "id": "JVNDB-2020-015590" }, { "db": "NVD", "id": "CVE-2020-36186" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-333" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, as well as convert JSON and XML into Java objects. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. 
See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-36186" }, { "db": "JVNDB", "id": "JVNDB-2020-015590" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-381453" }, { "db": "VULMON", "id": "CVE-2020-36186" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36186", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015590", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-333", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381453", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36186", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381453" }, { "db": "VULMON", "id": "CVE-2020-36186" }, { "db": "JVNDB", "id": "JVNDB-2020-015590" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": 
"NVD", "id": "CVE-2020-36186" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-333" } ] }, "id": "VAR-202101-1936", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381453" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:59:46.665000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTAP-20210205-0005", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138939" }, { "title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36186" }, { "db": "JVNDB", "id": "JVNDB-2020-015590" }, { "db": "CNNVD", "id": "CNNVD-202101-333" } ] }, "problemtype_data": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381453" }, { "db": "JVNDB", "id": "JVNDB-2020-015590" }, { "db": "NVD", "id": "CVE-2020-36186" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "trust": 1.8, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2997" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { 
"trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6455267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/al1ex/al1ex" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381453" }, { "db": "VULMON", "id": "CVE-2020-36186" }, { "db": "JVNDB", "id": "JVNDB-2020-015590" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36186" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-333" } ] }, 
"sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381453" }, { "db": "VULMON", "id": "CVE-2020-36186" }, { "db": "JVNDB", "id": "JVNDB-2020-015590" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36186" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-333" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-06T00:00:00", "db": "VULHUB", "id": "VHN-381453" }, { "date": "2021-01-06T00:00:00", "db": "VULMON", "id": "CVE-2020-36186" }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015590" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-01-06T23:15:13.123000", "db": "NVD", "id": "CVE-2020-36186" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-333" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-02T00:00:00", "db": "VULHUB", "id": "VHN-381453" }, { "date": "2022-09-02T00:00:00", "db": "VULMON", "id": "CVE-2020-36186" }, { "date": "2021-10-06T01:05:00", "db": "JVNDB", "id": "JVNDB-2020-015590" }, { "date": "2023-09-13T14:57:19.297000", "db": "NVD", "id": "CVE-2020-36186" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-333" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-333" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015590" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202006-1825">var-202006-1825</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). FasterXML jackson-databind contains an untrusted data deserialization vulnerability. Information may be obtained or tampered with, and service operation may be disrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides data binding. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.5. Exploitation requires that the application deserializes untrusted JSON with polymorphic type handling (default typing) enabled and that the named gadget class is present on the classpath. 
An attacker could exploit this vulnerability to execute arbitrary code on the system by sending specially crafted input. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat Satellite 6.8 for RHEL 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. 
</p> <p>Security Fix(es):</p> <ul> <li>mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)</li> <li>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</li> <li>rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)</li> <li>puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)</li> <li>jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)</li> <li>foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)</li> <li>Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)</li> <li>Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)</li> <li>rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)</li> <li>rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)</li> <li>rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)</li> <li>rubygem-actionview: views that use the <code>j</code> or <code>escape_javascript</code> methods are susceptible to XSS attacks (CVE-2020-5267)</li> <li>puppet: Arbitrary catalog retrieval (CVE-2020-7942)</li> <li>rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)</li> <li>rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)</li> <li>hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)</li> <li>puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)</li> </ul> <p>For more details 
about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Additional Changes:</p> <ul> <li> <p>Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment. </p> </li> <li> <p>Adds ability to install Satellite and Capsules and manage hosts in a IPv6 network environment</p> </li> <li> <p>Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution. </p> </li> <li> <p>Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet</p> </li> <li> <p>Support for HTTP UEFI provisioning</p> </li> <li> <p>Support for CAC card authentication with Keycloak integration</p> </li> <li> <p>Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling. </p> </li> <li> <p>Support for Red Hat Enterprise Linux Traces integration</p> </li> <li> <p>satellite-maintain & foreman-maintain are now self updating</p> </li> <li> <p>Notifications in the UI to warn users when subscriptions are expiring. </p> </li> </ul> <p>The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. 
</p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1160344 - [RFE] Satellite support for cname as alternate cname for satellite server 1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems 1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy 1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt 1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS 1410616 - [RFE] Prominent notification of expiring subscriptions. 1410916 - Should only be able to add repositories you have access to 1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3 1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. 1469267 - need updated rubygem-rake 1486446 - Content view versions list has slow query for package count 1486696 - 'hammer host update' removes existing host parameters 1494180 - Sorting by network address for subnet doesn't work properly 1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost 1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled" 1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101" 1531674 - Operating System Templates are ordered inconsistently in UI. 1537320 - [RFE] Support for Capsules at 1 version lower than Satellite 1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! 
NoMethodError: undefined method <code>first' for nil:NilClass" when there are custom bookmarks created 1563270 - Sync status information is lost after cleaning up old tasks related to sync. 1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384') 1571907 - Passenger threads throwing tracebacks on API jobs after spawning 1576859 - [RFE] Implement automatic assigning subnets through data provided by facter 1584184 - [RFE] The locked template is getting overridden by default 1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box 1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template 1608001 - Rearrange search/filter options on Red Hat Repositories page. 1613391 - race condition on removing multiple organizations simultaneously 1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot 1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version 1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui 1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization 1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host 1627066 - Unable to revert to the original version of the provisioning template 1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules 1630536 - yum repos password stored as cleartext 1632577 - Audit log show 'missing' for adding/removing repository to a CV 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1645062 - host_collection controller responds with 200 instead of 201 to a POST request 1645749 - repositories controller responds with 200 instead of 201 to a POST request 
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build 1647364 - [RFE] Extend the audits by the http request id 1647781 - Audits contain no data (Added foo to Missing(ID: x)) 1651297 - Very slow query when using facts on user roles as filters 1653217 - [RFE] More evocative name for Play Ansible Roles option? 1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks 1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role, 1659418 - katello-tracer-upload failing with error "ImportError: No module named katello" 1665277 - subscription manager register activation key with special character failed 1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal 1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output. 1677907 - Ansible API endpoints return 404 1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams 1680458 - Locked Report Templates are getting removed. 
1680567 - Reporting Engine API to list report template per organization/location returns 404 error 1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite 1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow 1687116 - kernel version checks should not use /lib/modules to determine running version 1688886 - subscription-manager not attaching the right quantity per the cpu core 1691416 - Delays when many clients upload tracer data simultaneously 1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself 1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions 1705097 - An empty report file doesn't show any headers 1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service 1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed 1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
1715999 - Use Infoblox API for DNS conflict check and not system resolver 1716423 - Nonexistent quota can be set 1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page 1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array 1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally 1719509 - [RFE] "hammer host list" including erratas information 1719516 - [RFE] "hammer host-collection hosts" including erratas information 1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition 1721419 - SSH key cannot be added when FIPS enabled 1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example) 1723313 - foreman_tasks:cleanup description contain inconsistent information 1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start" 1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS 1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name 1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear 1730083 - [RFE] Add Jobs button to host detail page 1731155 - Cloud init template missing snippet compared to Kickstart default user data 1731229 - podman search against Red Hat Satellite 6 fails. 
1731235 - [RFE] Create Report Template to list inactive hosts 1733241 - [RFE] hammer does not inherit parent location information 1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN 1736809 - undefined method</code>split' for nil:NilClass when viewing the host info with hammer 1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. 1737564 - [RFE] Support custom images on Azure 1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. 1740943 - Increasing Ansible verbosity level does not increase the verbosity of output 1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. 1743776 - Error while deleting the content view version. 1745516 - Multiple duplicate index entries are present in candlepin database 1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
1749692 - Default Rhel8 scap content does not get populated on the Satellite 1749916 - [RFE] Satellite should support certificates with > 2048 Key size 1751981 - Parent object properties are not propagated to Child objects in Location and Host Group 1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command 1753551 - Traces output from Satellite GUI has mismatches with client tracer output 1756991 - 2 inputs with same name -> uninitialized constant #<Class:0x000000000b894c38>::NonUniqueInputsError 1757317 - [RFE] Dynflow workers extraction 1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API 1759160 - Rake task for cleaning up DHCP records on proxy 1761872 - Disabled buttons are still working 1763178 - [RFE] Unnecessary call to userhelp and therefore log entries 1763816 - [RFE] Report which users access the API 1766613 - Fact search bar broken and resets to only searching hostname 1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting 1767497 - Compute Resource filter does not correctly allow Refresh Cache 1767635 - [RFE] Enable Organization and Location to be entered not just selected 1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value 1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]' for nil:NilClass 1771367 - undefined method `request_uri' when Openidc Provider Token Endpoint is none 1771428 - Openscap documentation link on Satellite 6 webui is broke 1771484 - Client side documentation links are not branded 1771693 - 'Deployed on' parameter is not listed in API output 1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order 1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again 1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt 1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare 1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically 1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines) 1778503 - Prepended text on OS name creation 1778681 - Some pages are missing title in html head 1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly 1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages" 1782426 - Viewing errata from a repository returns incorrect unfiltered results 1783568 - [RFE] - Bulk Tracer Remediation 1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!" 
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log 1784341 - disable CertificateRevocationListTask job in candlepin.conf by default 1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file 1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. 1785624 - [UI] Importing templates with associate 'never' is not resulting as expected 1785683 - Does not load datacenter when multiple compute resources are created for same VCenter 1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method <code>[]' for nil:NilClass" 1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date 1787329 - change filename in initrd live CPIO archive to fdi.iso 1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL 1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI 1789006 - Smart proxy dynflow core listens on 0.0.0.0 1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id 1789434 - Template editor not always allows refreshing of the preview pane 1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely 1789686 - Non-admin user with enough permissions can't generate report of applicable errata 1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6 1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table. 
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs 1791654 - drop config_templates api endpoints and parameters 1791656 - drop deprecated host status endpoint 1791658 - drop reports api endpoint 1791659 - Remove</code>use_puppet_default<code>api params 1791663 - remove deprecated permissions api parameters 1791665 - drop deprecated compute resource uuid parameter 1792131 - [UI] Could not specify organization/location for users that come from keycloak 1792135 - Not able to login again if session expired from keycloak 1792174 - [RFE] Subscription report template 1792304 - When generating custom report, leave output format field empty 1792378 - [RFE] Long role names are cut off in the roles UI 1793951 - [RFE] Display request UUID on audits page 1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists 1794346 - Change the label for the flashing eye icon during user impersonation 1794641 - Sync status page's content are not being displayed properly. 1795809 - HTML tags visible on paused task page 1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled 1796205 - iso upload: correctly check if upload directory exists 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1796259 - loading subscriptions page is very slow 1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode 1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout 1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server 1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. 
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host 1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input 1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input 1802529 - Repository sync in tasks page shows percentage in 17 decimal points 1802631 - Importing Ansible variables yields NoMethodError: undefined method</code>map' for nil:NilClass (initialize_variables) [variables_importer.rb] 1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none 1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page. 1804651 - Missing information about "Create Capsule" via webUI 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7 1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error 1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks 1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method <code>mtu' 1807042 - [RFE] Support additional disks for VM on Azure Compute Resource 1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. 
1807829 - Generated inventory file doesn't exist 1807946 - Multiple duplicate index entries are present in foreman database 1808843 - Satellite lists unrelated RHV storage domains using v4 API 1810250 - Unable to delete repository - Content with ID could not be found 1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd 1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection 1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead 1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units 1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification 1812904 - 'Hypervisors' task fails with 'undefined method</code>[]' for nil:NilClass' error 1813005 - Prevent --tuning option to be applied in Capsule servers 1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker) 1814095 - Applicable errata not showing up for module stream errata 1815104 - Locked provisioning template should not be allowed to add audit comment 1815135 - hammer does not support description for custom repositories 1815146 - Backslash escapes when downloading a JSON-formatted report multiple times 1815608 - Content Hosts has Access to Content View from Different Organization 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1816699 - Satellite Receptor Installer role can miss accounts under certain conditions 1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval 1816853 - Report generated by Red Hat Inventory Uploads is empty. 
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. 1817224 - Loading one org's content view when switching to a different org 1817481 - Plugin does not set page <title> 1817728 - Default task polling is too frequent at scale 1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. 1818062 - Deprecated message about katello agent being shown on content host registration page 1818816 - Web console should open in a new tab/window 1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1820193 - Deleted Global Http Proxy is still being used during repository sync. 1820245 - reports in JSON format can't handle unicode characters 1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512 1821335 - Inventory plugin captures information for systems with any entitlement 1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration. 1821629 - Eager zero seems to do nothing 1821651 - Manifest import task progress remains at 0. 1821752 - New version of the plugin is available: 1.0.5 1822039 - Get HTTP error when deploying the virt-who configure plugin 1822560 - Unable to sync large openshift docker repos 1823905 - Update distributor version to sat-6.7 1823991 - [RFE] Add a more performant way to sort reports 1824183 - Virtual host get counted as physical hosts on cloud.redhat.com 1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank" 1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue. 
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy 1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error 1826298 - even when I cancel ReX job, remediation still shows it as running 1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images 1826515 - [RFE] Consume Candlepin events via STOMP 1826625 - Improve performance of externalNodes 1826678 - New version of the plugin is available: 2.0.6 1826734 - Tasks uses wrong controller name for bookmarks 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories 1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)" 1828257 - Receptor init file missing [Install] section, receptor service won't run after restart 1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API 1828549 - Manifest Certificate Exposed by Unprivileged User 1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined' 1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default 1828868 - Add keep alive option in Receptor node 1829487 - Ansible verbosity level does not work 1829766 - undefined method `tr' for nil:NilClass when trying to get a new DHCP lease from infoblox 1830253 - Default job templates are not locked 1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time 1830834 - Unable to update default value of a smart class parameter (Sql query error). 
1830860 - Refactor loading regions based on subscription dynamically 1830882 - Red Hat Satellite brand icon is missing 1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo 1831528 - CVE-2020-5267 rubygem-actionview: views that use the <code>j</code> or <code>escape_javascript</code> methods are susceptible to XSS attacks 1833031 - Improve RH account ID fetching in cloud connector playbook 1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished) 1833039 - Introduce error code to playbook_run_finished response type 1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option. 1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do 1834377 - Disable mongo FTDC 1834866 - Missing macro for "registered_at" host subscription facet 1834898 - Login Page background got centralized and cropped 1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet 1835241 - Some applicability of the consumers are not recalculated after syncing a repository 1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting 1836155 - Support follow on rails, travis and i18n work for AzureRm plugin 1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
1836774 - Some foreman services failed to start (pulp_streamer) 1836845 - "Generate at" in report template should be current date 1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue 1838160 - 'Registered hosts' report does not list kernel release for rhsm clients 1838191 - Arrow position is on left rather in the middle under "Start Time" 1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory 1838917 - Repositories are not showing their available Release versions due to a low default db pool size 1838963 - Hypervisors from Satellite, never makes their way to HBI 1838965 - Product name link is not working on the activation keys "Repository Sets" tab. 1839025 - Configure Cloud Connector relies on information which is no longer provided by the API 1839649 - satellite-installer --reset returns a traceback 1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds 1839779 - undefined local variable or method `implicit_order_column' for #<ActiveRecord::Associations::CollectionProxy> on GET request to /discovery_rules endpoint 1839966 - New version of the plugin is available: 2.0.7 1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . 1840191 - Validate parameters passed by receptor to the receptor-satellite plugin 1840218 - ArgumentError: wrong number of arguments 1840525 - Content host list doesn't update after the successful deletion of content host. 1840635 - Proxy has failed to load one or more features (Realm) 1840723 - Selected scenario is DISABLED, can not continue 1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed" 1841098 - Failed to resolve package dependency while doing satellite upgrade. 
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned 1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist." 1841818 - icons missing on /pub download page 1842900 - ERROR! the role 'satellite-receptor' was not found in ... 1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/ 1843406 - In 6.8, Receptor installation playbook's inputs are visible again 1843561 - Report templates duplicated 1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #<Safemode::ScopeObject>" 1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8 1843926 - satellite-change-hostname fails when running nsupdate 1844142 - [RFE] Drop a subsription-manager fact with the satellite version 1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP 1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2 1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]' for nil:NilClass 1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1846254 - need to restart services after enabling leapp plugin 1846313 - Add index on locks for resource type and task id 1846317 - undefined method `klass' for nil:NilClass 1846421 - build pxe default do not work when more than 1 provider 1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8 1847019 - Empty applicability for non-modular repos 1847063 - Slow manifest import and/or refresh 1847407 - load_pools macro not in list of macros 1847645 - Allow override of Katello's DISTRIBUTOR_VERSION 1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. 
1847840 - Libvirt note link leads to 404 1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. 1848291 - Download kernel/initram for kexec asynchronously 1848535 - Unable to create a pure IPv6 host 1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8) 1848902 - ERF42-0258 [Foreman::Exception]: <uuid> is not valid, enter id or name 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms 1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule 1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names 1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead. 1849680 - Task progress decimal precision discrepancy between UI, CLI, and API 1849869 - Unable to recycle the dynflow executor 1850355 - Auth Source Role Filters are not working in Satellite 6.8 1850536 - Can't add RHEV with APIv3 through Hammer 1850914 - Checksum type "sha256" is not available for all units in the repository. 
Make sure those units have been downloaded 1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)" 1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates 1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9 1851167 - Autoattach -> "undefined" subscription added 1851176 - Subscriptions do not provide any repository sets 1851952 - "candlepin_events FAIL Not running" and wont restart 1852371 - Allow http proxy ports by default 1852723 - Broken link for documentation on installation media page 1852733 - Inventory upload documentation redirects to default location 1852735 - New version of the plugin is available: 2.0.8 1853076 - large capsule syncs cause slow processing of dynflow tasks/steps 1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided" 1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7 1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh 1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views 1853572 - Broken documentation link for 'RHV' in Compute Resource 1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode. 1854397 - Compliance reports are not being uploaded to satellite. 1854530 - PG::NotNullViolation when syncing hosts from cloud 1855008 - Host parameters are set after the host is created. 1855254 - Links to documentation broken in HTTP Proxies setup 1855348 - katello_applicability accidentally set to true at install 1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME' 1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. 
1856379 - Add missing VM creation tests 1856401 - [RFE] Add module to create HTTP Proxy 1856831 - New version of the plugin is available: 2.0.9 1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host 1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500 1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos 1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos 1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method <code>default_capsule' for Katello:Module" 1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError 1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. 1857726 - Warnings are shown during the satellite package installation on RHEL 7.9 1858237 - Upgraded Satellite has duplicated katello_pools indexes 1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user 1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite 1858855 - Creating compute resources on IPV6 network does not fail gracefully 1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf 1859194 - load_hosts macro duplicated in a list of macros 1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
1859705 - Tomcat is not running on fresh Capsule installation 1859929 - User can perform other manifest actions while the first one starts 1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass' 1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed 1860422 - Host with remediations can't be removed 1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'... 1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service 1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error. 1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8 1860587 - Documentation link in Administer -> About pointing to 6.6 document. 1860835 - Installed Packages not displayed on About page 1860957 - Unable to select an organization for sync management 1861367 - Import Template sync never completes 1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required 1861422 - Error encountered while handling the response, replying with an error message ('plugin_config') 1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. 1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request 1861766 - Add ability to list traces by host with hammer 1861807 - Cancel/Abort button should be disabled once REX job is finish 1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer 1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
1861890 - Recommended repos do not match Satellite version 1861970 - Content -> Product doesn't work when no organization is selected 1862135 - updating hosts policy using bulk action fails with sql error 1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. 1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6 1865871 - Obfuscated hosts do not have domain reported 1865872 - Templates doc - examples on onepage.html are not processed 1865874 - Add inventory status to host 1865876 - Make recommendations count in hosts index a link 1865879 - Add automatic scheduler for insights sync 1865880 - Add an explanation how to enable insights sync 1865928 - Templates documentation help page has hard-coded Satellite setting value 1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently 1866029 - Templates DSL documentation: Parts of description are put in <pre> tag 1866436 - host search filter does not work in job invocation page 1866461 - Run action is missing in job templates page 1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page 1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer 1866710 - Wrong API endpoint path referenced for resolving host traces 1867239 - hammer content-view version incremental-update fails with ISE 1867287 - Error Row was updated or deleted by another transaction when deleting docker repository 1867311 - Upgrade fails when checkpoint_segments postgres parameter configured 1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite 1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank" 1868183 - Unable to change virt-who hypervisor location. 
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf 1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation. 1869812 - Tasks fail to complete under load 1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow 1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found) 1871434 - theme css ".container" class rule is too generic 1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. 1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout 1871978 - Bug in provisioning_template Module 1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console" 1872041 - Host search returns incorrect result 1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result 1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover 1874143 - Red Hat Inventory Uploads does not use proxy 1874160 - Changing Content View of a Content Host needs to better inform the user around client needs 1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file 1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts) 1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow 1874176 - Unable to search by value of certain Hostgroup parameter 1874422 - Hits Sync uses only old proxy setting 1874619 - Hostgroup tag is never reported in slice 1875357 - After upgrade server response check failed for candlepin. 
1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url` 1875660 - Reporting Template macros host_cores is not working as expected 1875667 - Audit page list incorrect search filter 1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only 1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding 1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries 1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv 1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv 1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv 1878194 - In Capsule upgrade, "yum update" dump some error messages. 1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled 1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections 1878850 - creating host from hg doesn't resolves the user-data template 1879151 - Remote execution status not updating with large number of hosts 1879448 - Add hits details to host details page 1879451 - Stop uploading if Satellite's setting is disconnected 1879453 - Add plugin version to report metadata 1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP 1880637 - [6.8] satellite-installer always runs upgrade steps 1881066 - Safemode doesn't allow to access 'host_cores' on #<Safemode::ScopeObject> 1881078 - Use Passenger instead of Puma as the Foreman application server 1881988 - [RFE] IPv6 support for Satellite 6.8 1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}'' 1882389 - Search query in 
template for LEAPP upgrade should be pre-filled when running from pre-upgrade results 1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)" 1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available" 1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals 1887489 - Insights rules can't be loaded on freshly installed Satellite system 1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Satellite Capsule 6.8:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm 
pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm 
rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm 
tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm 
foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm 
python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm 
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm 
pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm 
tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>Red Hat Satellite 6.7:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm 
puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm 
python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm 
tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm 
tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm 
tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm 
tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm 
tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm 
tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm 
katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm 
python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm 
rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm 
tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm 
tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm 
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm 
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm 
libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm 
python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm 
tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)</p> </li> <li> <p>dom4j (CVE-2018-1000632)</p> </li> <li> <p>elasticsearch (CVE-2018-3831)</p> </li> <li> <p>pdfbox (CVE-2018-11797)</p> </li> <li> <p>vertx (CVE-2018-12541)</p> </li> <li> <p>spring-data-jpa (CVE-2019-3797)</p> </li> <li> <p>mina-core (CVE-2019-0231)</p> </li> <li> <p>jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)</p> </li> <li> <p>jackson-mapper-asl (CVE-2019-10172)</p> </li> <li> <p>hawtio (CVE-2019-9827)</p> </li> <li> <p>undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)</p> </li> <li> <p>santuario (CVE-2019-12400)</p> </li> <li> <p>apache-commons-beanutils (CVE-2019-10086)</p> </li> <li> <p>cxf (CVE-2019-17573)</p> </li> <li> <p>apache-commons-configuration (CVE-2020-1953)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.</p> <p>Solution:</p> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code 
from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1798524 - CVE-2019-20444 netty: HTTP request smuggling 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202006-1825" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> 
<div class="collapse" id="collapseJsonvar-202006-1825"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202006-1825">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, 
"external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1825", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" 
}, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": 
"jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.5" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.5" }, { "model": "ops center common services", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007015" }, { "db": "NVD", "id": "CVE-2020-14195" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.5", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": 
"CVE-2020-14195" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "CNNVD", "id": "CNNVD-202006-1070" } ], "trust": 0.8 }, "cve": "CVE-2020-14195", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-007015", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, 
"obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-167049", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-14195", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-007015", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], 
"severity": [ { "author": "NVD", "id": "CVE-2020-14195", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-007015", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202006-1070", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-167049", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-14195", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-167049" }, { "db": "VULMON", "id": "CVE-2020-14195" }, { "db": "JVNDB", "id": "JVNDB-2020-007015" }, { "db": "NVD", "id": "CVE-2020-14195" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202006-1070" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.5. An attacker could exploit this vulnerability to execute arbitrary code on the system by sending specially crafted input. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. 
\n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to 
the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. 
\n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http 
request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. 
\n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
\n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. 
\n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
\n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
\n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 
\n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t 
generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. 
\n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. 
\n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should 
not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. 
\n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. 
\n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). 
\n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
\n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. 
\n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s 
DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. 
Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. 
\n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
\n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
\n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. 
\n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After 
upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. 
\n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. 
Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\
npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.s
rc.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dh
cp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\np
ulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.n
oarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7s
at.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sa
t.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridf
s-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1
.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.
0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql
12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0
.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\nt
fm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_c
li_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntf
m-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sa
t.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat
.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-col
lection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarc
h.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npytho
n2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7s
at.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7s
at.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\nt
fm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.r
pm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_az
ure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer
-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_prox
y_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\n
livecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-de
vel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg
-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. 
\n\nSecurity Fix(es):\n\n* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)\n\n* dom4j (CVE-2018-1000632)\n\n* elasticsearch (CVE-2018-3831)\n\n* pdfbox (CVE-2018-11797)\n\n* vertx (CVE-2018-12541)\n\n* spring-data-jpa (CVE-2019-3797)\n\n* mina-core (CVE-2019-0231)\n\n* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540\nCVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943\nCVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619\nCVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)\n\n* jackson-mapper-asl (CVE-2019-10172)\n\n* hawtio (CVE-2019-9827)\n\n* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)\n\n* santuario (CVE-2019-12400)\n\n* apache-commons-beanutils (CVE-2019-10086)\n\n* cxf (CVE-2019-17573)\n\n* apache-commons-configuration (CVE-2020-1953)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. \n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads 
XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1798524 - CVE-2019-20444 netty: HTTP request smuggling\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in 
org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-14195" }, { "db": "JVNDB", "id": "JVNDB-2020-007015" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-167049" }, { "db": "VULMON", "id": "CVE-2020-14195" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-14195", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-007015", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202006-1070", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2280", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", 
"trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042845", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072123", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48394", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-52692", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-167049", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-14195", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167049" }, { "db": "VULMON", "id": "CVE-2020-14195" }, { "db": "JVNDB", "id": "JVNDB-2020-007015" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "NVD", "id": "CVE-2020-14195" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202006-1070" } ] }, "id": "VAR-202006-1825", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-167049" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:03:08.949000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block one more gadget type (org.jsecurity, CVE-2020-14195) #2765", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2765" }, { "title": "hitachi-sec-2020-125", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-125/index.html" }, { "title": "hitachi-sec-2020-125", "trust": 0.8, "url": "https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-125/index.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": 
"http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122515" }, { "title": "IBM: Security Bulletin: Netcool Operations Insight component IBM Network Performance Insight 1.3.1 affected by CVE-2020-14195", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=65584a3dc4fa3ff4771f7034ca97043a" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-125" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "SecBooks", "trust": 0.1, "url": "https://github.com/sexybeast233/secbooks " }, { "title": "", "trust": 0.1, "url": "https://github.com/soosmile/poc " }, { "title": "CVE-POC", "trust": 0.1, "url": "https://github.com/0xt11/cve-poc " }, { "title": "PoC", "trust": 0.1, "url": "https://github.com/jonathan-elias/poc " }, { "title": "PoC-in-GitHub", "trust": 0.1, "url": "https://github.com/developer3000s/poc-in-github " }, { "title": "PoC-in-GitHub", "trust": 0.1, "url": "https://github.com/hectorgie/poc-in-github " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-14195" }, { "db": "JVNDB", "id": "JVNDB-2020-007015" }, { "db": "CNNVD", "id": 
"CNNVD-202006-1070" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-167049" }, { "db": "JVNDB", "id": "JVNDB-2020-007015" }, { "db": "NVD", "id": "CVE-2020-14195" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200702-0003/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2765" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14195" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-component-ibm-network-performance-insight-1-3-1-affected-by-cve-2020-14195/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-org-jsecurity-32688" }, { "trust": 0.6, 
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2280/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072123" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042845" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48394" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4366" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781" }, { "trust": 0.1, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5216" }, { "trust": 0.1, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" } ], "sources": [ { "db": "VULHUB", "id": "VHN-167049" }, { "db": "VULMON", "id": "CVE-2020-14195" }, { "db": "JVNDB", "id": "JVNDB-2020-007015" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "NVD", "id": "CVE-2020-14195" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202006-1070" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-167049" }, { "db": "VULMON", "id": "CVE-2020-14195" }, { "db": "JVNDB", "id": 
"JVNDB-2020-007015" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "NVD", "id": "CVE-2020-14195" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202006-1070" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-16T00:00:00", "db": "VULHUB", "id": "VHN-167049" }, { "date": "2020-06-16T00:00:00", "db": "VULMON", "id": "CVE-2020-14195" }, { "date": "2020-07-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007015" }, { "date": "2020-10-27T16:58:42", "db": "PACKETSTORM", "id": "159724" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-06-16T16:15:11.107000", "db": "NVD", "id": "CVE-2020-14195" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2020-06-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-1070" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-17T00:00:00", "db": "VULHUB", "id": "VHN-167049" }, { "date": "2021-11-17T00:00:00", "db": "VULMON", "id": "CVE-2020-14195" }, { "date": "2020-08-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007015" }, { "date": "2021-11-17T20:20:55.263000", "db": "NVD", "id": "CVE-2020-14195" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-1070" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159724" }, { "db": "CNNVD", "id": "CNNVD-202006-1070" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007015" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1778">var-202003-1778</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4 due to insecure deserialization of com.caucho.config.types.ResourceRef (caucho-quercus). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. 
</p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>Security Fix(es):</p> <ul> <li> <p>apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)</p> </li> <li> <p>cxf: does not restrict the number of message attachments (CVE-2019-12406)</p> </li> <li> <p>cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)</p> </li> <li> <p>hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)</p> </li> <li> <p>HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</p> </li> <li> <p>HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</p> </li> <li> <p>HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)</p> </li> <li> <p>HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)</p> </li> <li> <p>jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)</p> </li> <li> <p>keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)</p> </li> <li> <p>keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)</p> </li> <li> <p>keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)</p> 
</li> <li> <p>keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)</p> </li> <li> <p>keycloak: cross-realm user access auth bypass (CVE-2019-14832)</p> </li> <li> <p>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</p> </li> <li> <p>SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current thread's context class loader (CVE-2020-1729)</p> </li> <li> <p>thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li> <li> <p>thrift: Endless loop when fed with specific input data (CVE-2019-0205)</p> </li> <li> <p>undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)</p> </li> <li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)</p> </li> <li> <p>xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)</p> </li> </ul> <p>For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. Solution:</p> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>The References section of this erratum contains a download link for the update. You must be logged in to download the update. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3462-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3462 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat JBoss EAP 7.3 for RHEL 7 Server - noarch</p> <ol> <li>Description:</li> </ol> <p>Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. </p> <p>This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)</p> </li> <li> <p>dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)</p> </li> <li> <p>wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)</p> </li> <li> <p>wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)</p> </li> <li> <p>hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)</p> </li> <li> <p>wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)</p> </li> <li> <p>undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)</p> </li> <li> <p>hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)</p> </li> <li> <p>wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)</p> </li> <li> <p>wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, ensure all previously released errata relevant to your system have been applied. 
</p> <p>For details about how to apply this update, see:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. 
Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19410 - Tracker bug for the EAP 7.3.2 release for RHEL-7 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001</p> <ol> <li>Package List:</li> </ol> <p>Red Hat JBoss EAP 7.3 for RHEL 7 Server:</p> <p>Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.src.rpm eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.src.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.src.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.src.rpm 
eap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.src.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.src.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.src.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el7eap.src.rpm</p> <p>noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.noarch.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm 
eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.noarch.rpm 
eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm 
eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXzqIZtzjgjWX9erEAQgbmw/9EMmKKCCwal4bB6c8JuVi9V1qwN8+GJA4 BT8rEG7nDCffXvCdGzhPj1JofUlvVLcMX6T7DhC7DJ3acsCFoMvpVvranRkhnXkj 9sIZxPYy2ZFRIXWt8tUvVYeYZdKJ+dKsHRzzCetQr0vd9L9gWuGUZcroS+PTdkCn 2Us87nq0bPNqMAX4q5iqs/+yM7WrcmL8bJELEFU+QwZQOtqKpnOiCUVwUnPxHuAB gTk5DLAdJaj/FFmQH0l2Qc0brTXRvcjFLhme3ygQcfiOB0bh4KO+ykhOS+lznCIB a33P5m0/eXkdjMuT9PxxllMpE3cygCrN0caFwm5F/rJVUczc6MNBCWQ2605xiiNt xQOh429J3J9S+Ew+hwBsaWRwKgibItBI3aa/AiUHHPnwj5Q33hj3+2/53k7QuN/0 59JqQ1hOz7x857G2HaAPiCWu3QDhHqfdhewrLpCEnrO0HhLiPoHou8tuD8UnITws OfWtjSw0bwBnhb3OsmGlQxHtIDfY+TpJKQ6YPukUmc0KiRfC695HNgk91b4u5M5O 42Oo9g4g4rxVezCI1+WaN1KRA1J7yUTmvAFuz/1QervXpvw1xGbILLqlJI7maNnX bN4s3UgKVYLg/hlGiOMvLVTAuHY8OIyiijNoAcHXZv63+AGWQTRUihyIpl8KcFIr V2uaf/+66c0=doZv -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)</p> </li> <li> <p>dom4j (CVE-2018-1000632)</p> </li> <li> <p>elasticsearch (CVE-2018-3831)</p> </li> <li> <p>pdfbox (CVE-2018-11797)</p> </li> <li> <p>vertx (CVE-2018-12541)</p> </li> <li> <p>spring-data-jpa (CVE-2019-3797)</p> </li> <li> <p>mina-core (CVE-2019-0231)</p> </li> <li> <p>jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)</p> </li> <li> <p>jackson-mapper-asl (CVE-2019-10172)</p> </li> <li> <p>hawtio (CVE-2019-9827)</p> </li> <li> <p>undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)</p> </li> <li> <p>santuario (CVE-2019-12400)</p> </li> <li> <p>apache-commons-beanutils (CVE-2019-10086)</p> </li> <li> <p>cxf (CVE-2019-17573)</p> </li> <li> <p>apache-commons-configuration (CVE-2020-1953)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 20. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1778" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a>
<div class="collapse" id="collapseJsonvar-202003-1778"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1778">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": 
"https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1778", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 
1.0, "vendor": "debian", "version": "8.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications 
diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { 
"model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { 
"model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10673" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6.7.4", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], 
"cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10673" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" } ], "trust": 1.5 }, "cve": "CVE-2020-10673", 
"cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163175", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10673", "trust": 1.0, "value": "HIGH" }, { "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-10673", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202003-1151", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163175", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163175" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "db": "NVD", "id": "CVE-2020-10673" }, { "db": "NVD", "id": "CVE-2020-10673" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4 due to insecure deserialization of com.caucho.config.types.ResourceRef (caucho-quercus). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. 
\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass 
(CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update\nAdvisory ID: RHSA-2020:3462-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3462\nIssue date: 2020-08-17\nCVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748\n CVE-2020-10672 CVE-2020-10673 CVE-2020-10683\n CVE-2020-10687 CVE-2020-10693 CVE-2020-10714\n CVE-2020-10718 CVE-2020-10740 CVE-2020-14297\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for RHEL 7 Server - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.2 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. 
\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n(CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser\n(CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to\npermitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM\n(CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n(CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230\n(CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial\nof Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17\nJBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21\nJBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final\nJBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final\nJBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. 
Exclusion of dependency from xom.io7m\nJBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x\nJBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final\nJBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1\nJBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001\nJBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001\nJBEAP-19410 - Tracker bug for the EAP 7.3.2 release for RHEL-7\nJBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. \nJBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001\nJBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6\nJBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001\nJBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001\nJBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final\nJBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final\nJBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001\n\n7. 
Package List:\n\nRed Hat JBoss EAP 7.3 for RHEL 7 Server:\n\nSource:\neap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.src.rpm\neap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.src.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.src.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.src.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.src.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.src.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.src.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el7eap.src.rpm\n\nnoarch:\neap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.noarch.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.noarch.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\nea
p7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001
.1.el7eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly1
4.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-all-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk11-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk8-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14900\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10683\nhttps://access.redhat.com/security/cve/CVE-2020-10687\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10718\nhttps://access.redhat.com/security/cve/CVE-2020-10740\nhttps://access.redhat.com/security/cve/CVE-2020-14297\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXzqIZtzjgjWX9erEAQgbmw/9EMmKKCCwal4bB6c8JuVi9V1qwN8+GJA4\nBT8rEG7nDCffXvCdGzhPj1JofUlvVLcMX6T7DhC7DJ3acsCFoMvpVvranRkhnXkj\n9sIZxPYy2ZFRIXWt8tUvVYeYZdKJ+dKsHRzzCetQr0vd9L9gWuGUZcroS+PTdkCn\n2Us87nq0bPNqMAX4q5iqs/+yM7WrcmL8bJELEFU+QwZQOtqKpnOiCUVwUnPxHuAB\ngTk5DLAdJaj/FFmQH0l2Qc0brTXRvcjFLhme3ygQcfiOB0bh4KO+ykhOS+lznCIB\na33P5m0/eXkdjMuT9PxxllMpE3cygCrN0caFwm5F/rJVUczc6MNBCWQ2605xiiNt\nxQOh429J3J9S+Ew+hwBsaWRwKgibItBI3aa/AiUHHPnwj5Q33hj3+2/53k7QuN/0\n59JqQ1hOz7x857G2HaAPiCWu3QDhHqfdhewrLpCEnrO0HhLiPoHou8tuD8UnITws\nOfWtjSw0bwBnhb3OsmGlQxHtIDfY+TpJKQ6YPukUmc0KiRfC695HNgk91b4u5M5O\n42Oo9g4g4rxVezCI1+WaN1KRA1J7yUTmvAFuz/1QervXpvw1xGbILLqlJI7maNnX\nbN4s3UgKVYLg/hlGiOMvLVTAuHY8OIyiijNoAcHXZv63+AGWQTRUihyIpl8KcFIr\nV2uaf/+66c0=doZv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. 
\n\nSecurity Fix(es):\n\n* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)\n\n* dom4j (CVE-2018-1000632)\n\n* elasticsearch (CVE-2018-3831)\n\n* pdfbox (CVE-2018-11797)\n\n* vertx (CVE-2018-12541)\n\n* spring-data-jpa (CVE-2019-3797)\n\n* mina-core (CVE-2019-0231)\n\n* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540\nCVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943\nCVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619\nCVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)\n\n* jackson-mapper-asl (CVE-2019-10172)\n\n* hawtio (CVE-2019-9827)\n\n* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)\n\n* santuario (CVE-2019-12400)\n\n* apache-commons-beanutils (CVE-2019-10086)\n\n* cxf (CVE-2019-17573)\n\n* apache-commons-configuration (CVE-2020-1953)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 20. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications", "sources": [ { "db": "NVD", "id": "CVE-2020-10673" }, { "db": "VULHUB", "id": "VHN-163175" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10673", "trust": 2.6 }, { "db": "PACKETSTORM", "id": "159083", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159015", "trust": 0.8 }, { "db": 
"PACKETSTORM", "id": "158916", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-1151", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158891", "trust": 0.7 }, { "db": "NSFOCUS", "id": "48050", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2837", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1040", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3065", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2992", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158889", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159080", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "158884", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159082", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158881", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163175", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163175" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "db": "NVD", "id": "CVE-2020-10673" } ] }, "id": "VAR-202003-1778", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163175" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:18:35.433000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FasterXML jackson-databind Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112629" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1151" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10673" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.7, "url": "https://github.com/fasterxml/jackson-databind/issues/2660" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 1.0, "url": 
"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.9, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.7, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2992/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-privilege-escalation-via-resourceref-31850" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.2837/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48050" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2826/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1040/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3065/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740" }, { 
"trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10683" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10740" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10687" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-14900" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { 
"trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10718" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.3, "url": "https://issues.jboss.org/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-6950" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297" }, { "trust": 0.3, "url": 
"https://access.redhat.com/security/cve/cve-2020-14297" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14307" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { 
"trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.2, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3642" }, { 
"trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3462" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3585" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xeap-cd\u0026version" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1954" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10719" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14371" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1954" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3639" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10758" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10758" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2020:3501" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1728" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.4" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163175" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "db": "NVD", "id": "CVE-2020-10673" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163175" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "db": "NVD", "id": "CVE-2020-10673" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "VULHUB", "id": "VHN-163175" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-09-07T16:39:48", "db": 
"PACKETSTORM", "id": "159083" }, { "date": "2020-08-17T17:43:07", "db": "PACKETSTORM", "id": "158889" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-08-31T16:22:15", "db": "PACKETSTORM", "id": "159015" }, { "date": "2020-09-07T16:37:51", "db": "PACKETSTORM", "id": "159080" }, { "date": "2020-08-19T16:44:13", "db": "PACKETSTORM", "id": "158916" }, { "date": "2020-03-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "date": "2020-03-18T22:15:12.407000", "db": "NVD", "id": "CVE-2020-10673" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-07T00:00:00", "db": "VULHUB", "id": "VHN-163175" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "date": "2024-07-03T01:36:08.040000", "db": "NVD", "id": "CVE-2020-10673" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1151" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1151" } ], "trust": 0.6 } }</pre> </div> </div> </div> 
</div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202012-1529">var-202012-1529</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity. FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. There is a security vulnerability in FasterXML Jackson Databind, which an attacker can exploit by sending malicious XML data to FasterXML Jackson Databind in order to read files, scan sites, or trigger a denial of service. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:</p> <p>Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>xmlgraphics-commons: SSRF due to improper input validation by the XMPParser (CVE-2020-11988)</p> </li> <li> <p>xstream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341)</p> </li> <li> <p>xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351)</p> </li> <li> <p>xstream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343)</p> </li> <li> <p>xstream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259)</p> </li> <li> <p>xstream: ReDoS vulnerability (CVE-2021-21348)</p> </li> <li> <p>xstream: Server-Side Forgery Request vulnerability can be activated when unmarshalling (CVE-2020-26258)</p> </li> <li> <p>xstream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349)</p> </li> <li> <p>xstream: SSRF via crafted input stream (CVE-2021-21342)</p> </li> <li> <p>jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)</p> </li> <li> <p>xstream: allow a remote attacker to execute arbitrary code only by manipulating the processed input stream (CVE-2021-21350)</p> </li> <li> <p>xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21347)</p> </li> <li> <p>xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21346)</p> </li> <li> <p>xstream: allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream (CVE-2021-21345)</p> </li> <li> <p>xstream: arbitrary code execution via crafted input stream 
(CVE-2021-21344)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling 1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser 1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream 1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream 1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream 1942554 - CVE-2021-21344 XStream: Unsafe deserialization of javax.sql.rowset.BaseRowSet 1942558 - CVE-2021-21345 XStream: Unsafe deserialization of com.sun.corba.se.impl.activation.ServerTableEntry 1942578 - CVE-2021-21346 XStream: Unsafe deserialization of sun.swing.SwingLazyValue 1942629 - CVE-2021-21347 XStream: Unsafe deserialization of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator 1942633 - CVE-2021-21348 XStream: ReDoS vulnerability 1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host 1942637 - CVE-2021-21350 XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader 1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream</p> <ol> <li></li> </ol> <p>The References section of this 
erratum contains a download link (you must log in to download the update). See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1427</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at</p> <p>https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <ol> <li>Solution:</li> </ol> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update Advisory ID: RHSA-2020:5342-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:5342 Issue date: 2020-12-03 CVE Names: CVE-2020-25638 CVE-2020-25644 CVE-2020-25649 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat JBoss EAP 7.3 for BaseOS-8 - noarch</p> <ol> <li>Description:</li> </ol> <p>Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. </p> <p>This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. </p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)</p> </li> <li> <p>hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)</p> </li> <li> <p>wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, ensure all previously released errata relevant to your system have been applied. 
</p> <p>For details about how to apply this update, see:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-20029 - [GSS] (7.3.z) Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016 JBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat JBEAP-20119 - [GSS] (7.3.z) Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001 JBEAP-20161 - [GSS] (7.3.z) Upgrade XNIO from 3.7.9.Final to 3.7.11.Final JBEAP-20223 - Tracker bug for the EAP 7.3.4 release for RHEL-8 JBEAP-20239 - [GSS] (7.3.z) Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final JBEAP-20246 - [GSS] (7.3.z) Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final JBEAP-20285 - [GSS] (7.3.z) Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final JBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002 JBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile JBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007 JBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final</p> <ol> <li>Package List:</li> </ol> <p>Red Hat JBoss EAP 7.3 for BaseOS-8:</p> <p>Source: eap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.src.rpm eap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.src.rpm 
eap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.src.rpm eap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.src.rpm eap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.src.rpm eap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.src.rpm eap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.src.rpm</p> <p>noarch: eap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm 
eap7-activemq-artemis-ra-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.noarch.rpm eap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.noarch.rpm eap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.noarch.rpm eap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-marshalling-river-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm 
eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm 
eap7-wildfly-modules-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-25638 https://access.redhat.com/security/cve/CVE-2020-25644 https://access.redhat.com/security/cve/CVE-2020-25649 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX8k7Y9zjgjWX9erEAQgaMA/8D6uRPrTX/XmXtkeZw9Y9yMoLHIYpl083 iv71vIyCkmQXHFmsYidw0jI6euRhHmihMY5DMyci3zAHqa7KbX1pqQsXWPIvWVnv ykpkGtPGUoqlJU7FDZq00Vk+/bykOEIcAmBJJCoNuLAS09gub2l2UPD3QGC1cZfa 7ziYlGTufSOYN6RInoSGiOgqUpYQzF35oZT2Vwc5b92ZGx6rj08vrCGNmF9SXRYc +yy1IIVGMdYe/1IEcpq936F8AKxJYiqyhsLP4orkt1GxC5P8RGnGvUoIwZmrDq06 xBPP44WmbAmFu8t3hcBUBs+ewzAc9swmy7ZKu8yuJfmxcDlyz/pVpPg8tLfCZRbg XRekSfvEzRw6lidGv5vMqUUoRxJd5LicaWSW93jus01UahLVMTGyPMAVHcdeP1P7 n29R5ZNWk5e9cWCmTL10T3+6Rf4brnbUf09mCsgSwSsuejCoxdD0JLaC0z953cqC ga5z8xSYtXmQdhOKZIhQ17el2Prdw82Vw11dNFvN3AsQMu3exSOp+MAhh9bs5/Ba HcvSdryXIkEy/3atBUZxoDZu6ZJRHB0yWuk3CsvoW3lJuBGhVS1Wah+9g8Lq0H5y QkpRwaCU+SxNXG+VAq59ZP8jKyl87mMzRQ4w0touglb/YqSZfp2dpAqC5t8zPfeO B8NkNn8eYYs=+qXq -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . </p> <p>You must restart the JBoss server process for the update to take effect</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202012-1529" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202012-1529"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202012-1529">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": 
"https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1529", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.6.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.2" }, { "model": "banking apis", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.3.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": 
"fedoraproject", "version": "32" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.1" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.2.0" }, { "model": "agile product lifecycle management integration pack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.6" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.10.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.10.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": 
"primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.5.0" }, { "model": "banking apis", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.2" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "iotdb", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "0.12.0" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3" }, { "model": "health sciences empirica signal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "coherence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.4" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.4" }, { "model": 
"utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.0.0" }, { "model": "blockchain platform", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "communications messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "coherence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "health sciences empirica signal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1" }, { "model": "oncommand api services", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.0.1" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, 
{ "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "quarkus", "scope": "lte", "trust": 1.0, "vendor": "quarkus", "version": "1.6.1" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.10.5.1" }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.7" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": 
"12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.8.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "hitachi ops center analyzer viewpoint", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "oncommand workflow automation", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "oncommand api services", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "quarkus", "scope": null, "trust": 0.8, "vendor": "quarkus", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.10.5.1", "versionStartIncluding": 
"2.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.7", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6.7.4", "versionStartIncluding": "2.6.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.12.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.3", "versionStartIncluding": "18.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-25649" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": 
"162696" }, { "db": "PACKETSTORM", "id": "163201" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "159973" }, { "db": "PACKETSTORM", "id": "162478" }, { "db": "PACKETSTORM", "id": "160349" }, { "db": "PACKETSTORM", "id": "159767" } ], "trust": 0.7 }, "cve": "CVE-2020-25649", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-25649", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", 
"version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-179648", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-25649", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-25649", "trust": 1.8, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-179648", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-25649", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-179648" }, { "db": "VULMON", "id": "CVE-2020-25649" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A flaw was found in FasterXML Jackson Databind, 
where entity expansion was not properly secured. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity. FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. There is a security vulnerability in FasterXML Jackson Databind: an attacker who can send malicious XML data to FasterXML Jackson Databind can exploit it to read files, scan sites, or trigger a denial of service. The purpose of this text-only\nerrata is to inform you about the security issues fixed in this release. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nSecurity Fix(es):\n\n* xmlgraphics-commons: SSRF due to improper input validation by the\nXMPParser (CVE-2020-11988)\n\n* xstream: allow a remote attacker to cause DoS only by manipulating the\nprocessed input stream (CVE-2021-21341)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21351)\n\n* xstream: arbitrary file deletion on the local host via crafted input\nstream (CVE-2021-21343)\n\n* xstream: arbitrary file deletion on the local host when unmarshalling\n(CVE-2020-26259)\n\n* xstream: ReDoS vulnerability (CVE-2021-21348)\n\n* xstream: Server-Side Forgery Request vulnerability can be activated when\nunmarshalling (CVE-2020-26258)\n\n* xstream: SSRF can be activated unmarshalling with XStream to access data\nstreams from an arbitrary URL referencing a resource in an intranet or the\nlocal host (CVE-2021-21349)\n\n* xstream: SSRF via crafted input stream (CVE-2021-21342)\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is\nvulnerable to XML external 
entity (XXE) (CVE-2020-25649)\n\n* xstream: allow a remote attacker to execute arbitrary code only by\nmanipulating the processed input stream (CVE-2021-21350)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21347)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21346)\n\n* xstream: allow a remote attacker who has sufficient rights to execute\ncommands of the host only by manipulating the processed input stream\n(CVE-2021-21345)\n\n* xstream: arbitrary code execution via crafted input stream\n(CVE-2021-21344)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)\n1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling\n1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling\n1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser\n1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream\n1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream\n1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream\n1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet\n1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry\n1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue\n1942629 - 
CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator\n1942633 - CVE-2021-21348 XStream: ReDoS vulnerability\n1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host\n1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader\n1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream\n\n5. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1427\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\n\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update\nAdvisory ID: RHSA-2020:5342-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5342\nIssue date: 2020-12-03\nCVE Names: CVE-2020-25638 CVE-2020-25644 CVE-2020-25649\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8 - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. 
\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is\nvulnerable to XML external entity (CVE-2020-25649)\n\n* hibernate-core: SQL injection vulnerability when both\nhibernate.use_sql_comments and JPQL String literals are used\n(CVE-2020-25638)\n\n* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL\n(CVE-2020-25644)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used\n1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL\n1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)\n\n6. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-20029 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016\nJBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat\nJBEAP-20119 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001\nJBEAP-20161 - [GSS](7.3.z) Upgrade XNIO from 3.7.9.Final to 3.7.11.Final\nJBEAP-20223 - Tracker bug for the EAP 7.3.4 release for RHEL-8\nJBEAP-20239 - [GSS](7.3.z) Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final\nJBEAP-20246 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final\nJBEAP-20285 - [GSS](7.3.z) Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final\nJBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002\nJBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile\nJBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007\nJBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final\n\n7. 
Package List:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8:\n\nSource:\neap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.src.rpm\neap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.src.rpm\neap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.src.rpm\neap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.src.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.src.rpm\neap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.src.rpm\neap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-cli-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-commons-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-core-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-dto-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rp
m\neap7-activemq-artemis-jms-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-journal-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-ra-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-selector-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-tools-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.noarch.rpm\neap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.noarch.rpm\neap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-validator-cdi-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-marshalling-river-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migrat
ion-core-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1
.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm\neap7-wildfly-modules-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm\neap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-openssl-java-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-25638\nhttps://access.redhat.com/security/cve/CVE-2020-25644\nhttps://access.redhat.com/security/cve/CVE-2020-25649\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX8k7Y9zjgjWX9erEAQgaMA/8D6uRPrTX/XmXtkeZw9Y9yMoLHIYpl083\niv71vIyCkmQXHFmsYidw0jI6euRhHmihMY5DMyci3zAHqa7KbX1pqQsXWPIvWVnv\nykpkGtPGUoqlJU7FDZq00Vk+/bykOEIcAmBJJCoNuLAS09gub2l2UPD3QGC1cZfa\n7ziYlGTufSOYN6RInoSGiOgqUpYQzF35oZT2Vwc5b92ZGx6rj08vrCGNmF9SXRYc\n+yy1IIVGMdYe/1IEcpq936F8AKxJYiqyhsLP4orkt1GxC5P8RGnGvUoIwZmrDq06\nxBPP44WmbAmFu8t3hcBUBs+ewzAc9swmy7ZKu8yuJfmxcDlyz/pVpPg8tLfCZRbg\nXRekSfvEzRw6lidGv5vMqUUoRxJd5LicaWSW93jus01UahLVMTGyPMAVHcdeP1P7\nn29R5ZNWk5e9cWCmTL10T3+6Rf4brnbUf09mCsgSwSsuejCoxdD0JLaC0z953cqC\nga5z8xSYtXmQdhOKZIhQ17el2Prdw82Vw11dNFvN3AsQMu3exSOp+MAhh9bs5/Ba\nHcvSdryXIkEy/3atBUZxoDZu6ZJRHB0yWuk3CsvoW3lJuBGhVS1Wah+9g8Lq0H5y\nQkpRwaCU+SxNXG+VAq59ZP8jKyl87mMzRQ4w0touglb/YqSZfp2dpAqC5t8zPfeO\nB8NkNn8eYYs=+qXq\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nYou must restart the JBoss server process for the update to take effect", "sources": [ { "db": "NVD", "id": "CVE-2020-25649" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "VULHUB", "id": "VHN-179648" }, { "db": "VULMON", "id": "CVE-2020-25649" }, { "db": "PACKETSTORM", "id": "162696" }, { "db": "PACKETSTORM", "id": "163201" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "159973" }, { "db": "PACKETSTORM", "id": "162478" }, { "db": "PACKETSTORM", "id": "160349" }, { "db": "PACKETSTORM", "id": "159767" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-25649", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2020-014030", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "160349", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "160346", "trust": 0.2 }, { "db": "PACKETSTORM", 
"id": "162478", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159973", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162696", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163201", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159767", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163205", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160347", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160489", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160348", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160554", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159759", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159680", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161261", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162240", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161766", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160535", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-202010-622", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-179648", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-25649", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-179648" }, { "db": "VULMON", "id": "CVE-2020-25649" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "PACKETSTORM", "id": "162696" }, { "db": "PACKETSTORM", "id": "163201" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "159973" }, { "db": "PACKETSTORM", "id": "162478" }, { "db": "PACKETSTORM", "id": "160349" }, { "db": "PACKETSTORM", "id": "159767" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "id": "VAR-202012-1529", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-179648" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:57:50.923000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2021-111", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2589" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204401 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205410 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204402 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Eclipse Vert.x 3.9.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204379 - security advisory" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204312 - security advisory" }, { "title": "Red Hat: Low: RHV-M(ovirt-engine) 4.4.z security, bug fix, enhancement update [ovirt-4.4.4]", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210381 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205341 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205340 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205342 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205344 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.4.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205533 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.7.2 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205361 - security advisory" }, { "title": "IBM: Security Bulletin: IBM Network Performance Insight 1.3.1 was affected by vulnerability in jackson-databind (CVE-2020-25649)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5d8938176e857437de15675453ad2b9a" }, { "title": "IBM: Security Bulletin: A vulnerability have been identified in FasterXML Jackson Databind shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2020-25649)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e73bd45b3af488f816a21700b2fd0ee8" }, { "title": "IBM: Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=83af1574b941aa6afccbfb11a9d6dd60" }, { "title": "IBM: Security Bulletin: Vulnerabilities in FasterXML Jackson Databind and 
Apache Xerces affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0169ebe66d0191409c7149d7151593fb" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-111" }, { "title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a" }, { "title": "sbom-utility", "trust": 0.1, "url": "https://github.com/cyclonedx/sbom-utility " }, { "title": "Apache JMeter", "trust": 0.1, "url": "https://github.com/mosaic-hgw/jmeter " }, { "title": "", "trust": 0.1, "url": "https://github.com/pctf/vulnerable-app " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-25649" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-611", "trust": 1.1 }, { 
"problemtype": "XML Improper restrictions on external entity references (CWE-611) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-179648" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25649" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210108-0007/" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "trust": 1.1, "url": "https://github.com/fasterxml/jackson-databind/issues/2589" }, { "trust": 1.1, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3ccommits.turbine.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3ccommits.druid.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3cdev.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3ccommits.servicecomb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3creviews.iotdb.apache.org%3e" }, { 
"trust": 1.0, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3cdev.knox.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3creviews.iotdb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3ccommits.iotdb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3cnotifications.iotdb.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3creviews.iotdb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3cuser.spark.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3cdev.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3ccommits.tomee.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3cdev.knox.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3cjira.kafka.apache.org%3e" }, { "trust": 
1.0, "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6x2ut4x6m7dlqyboohmxbwgyj65rl2ct/" }, { "trust": 0.9, "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3cdev.kafka.apache.org%3e" }, { "trust": 0.9, "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3cusers.kafka.apache.org%3e" }, { "trust": 0.9, "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.9, "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.9, "url": 
"https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.9, "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-25649" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25638" }, { "trust": 0.3, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-25638" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25644" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-25644" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6x2ut4x6m7dlqyboohmxbwgyj65rl2ct/" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3ccommits.servicecomb.apache.org%3e" }, { "trust": 0.1, 
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3ccommits.druid.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3cissues.flink.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3cissues.flink.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3cdev.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3ccommits.iotdb.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3cnotifications.iotdb.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3creviews.iotdb.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3creviews.iotdb.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3creviews.iotdb.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3cdev.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3cusers.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3cdev.knox.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3cdev.knox.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3cuser.spark.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3ccommits.tomee.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3ccommits.turbine.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3cdev.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3cnotifications.zookeeper.apache.org%3e" }, { 
"trust": 0.1, "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040" }, { "trust": 0.1, "url": "https://catalog.redhat.com/software/operators/detail/5ef2818e7dc79430ca5f4fd2" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2039" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21350" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2475" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21341" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21349" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21341" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21342" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21351" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21345" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21342" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21344" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26258" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21348" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21348" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2021-21344" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21349" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11988" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11988" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21350" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21346" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21347" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21345" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21346" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21351" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26259" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5344" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4379" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/3.9/html/release_notes_for_eclipse_vert.x_3.9/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.eclipse.vertx\u0026version=3.9.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1427" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1429" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3447" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5342" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4401" } ], "sources": [ { "db": "VULHUB", "id": "VHN-179648" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "PACKETSTORM", "id": "162696" }, { "db": "PACKETSTORM", "id": "163201" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "159973" }, { "db": "PACKETSTORM", "id": "162478" }, { "db": "PACKETSTORM", "id": "160349" }, { "db": "PACKETSTORM", "id": "159767" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-179648" }, { "db": "VULMON", "id": 
"CVE-2020-25649" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "PACKETSTORM", "id": "162696" }, { "db": "PACKETSTORM", "id": "163201" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "159973" }, { "db": "PACKETSTORM", "id": "162478" }, { "db": "PACKETSTORM", "id": "160349" }, { "db": "PACKETSTORM", "id": "159767" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-12-03T00:00:00", "db": "VULHUB", "id": "VHN-179648" }, { "date": "2020-12-03T00:00:00", "db": "VULMON", "id": "CVE-2020-25649" }, { "date": "2021-07-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "date": "2021-05-19T14:19:36", "db": "PACKETSTORM", "id": "162696" }, { "date": "2021-06-17T18:16:15", "db": "PACKETSTORM", "id": "163201" }, { "date": "2020-12-03T20:27:14", "db": "PACKETSTORM", "id": "160346" }, { "date": "2020-11-09T19:20:13", "db": "PACKETSTORM", "id": "159973" }, { "date": "2021-05-06T01:15:29", "db": "PACKETSTORM", "id": "162478" }, { "date": "2020-12-03T20:27:59", "db": "PACKETSTORM", "id": "160349" }, { "date": "2020-10-29T14:40:25", "db": "PACKETSTORM", "id": "159767" }, { "date": "2020-12-03T17:15:12.503000", "db": "NVD", "id": "CVE-2020-25649" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-02T00:00:00", "db": "VULHUB", "id": "VHN-179648" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-25649" }, { "date": "2021-07-20T04:50:00", "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "date": "2023-11-07T03:20:18.977000", "db": "NVD", "id": "CVE-2020-25649" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" 
} } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "162696" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "160349" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0Jackson\u00a0Databind\u00a0 In \u00a0XML\u00a0 External entity vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-014030" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "sql injection, memory leak", "sources": [ { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "160349" } ], "trust": 0.2 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202101-1935">var-202101-1935</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a Java-based library that can convert data formats such as XML and JSON to Java objects. 
Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <ol> <li>Solution:</li> </ol> <p>This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. 
See the following advisory for the container images for this release:</p> <p>https://access.redhat.com/errata/RHBA-2021:1232</p> <p>All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 
References:</p> <p>https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. 
LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202101-1935" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202101-1935"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202101-1935">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1935", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, 
{ "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.3" 
}, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter signaling route", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications diameter signaling route", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, 
"vendor": "oracle", "version": "8.2.0.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": 
"oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015591" }, { "db": "NVD", "id": "CVE-2020-36187" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", 
"versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36187" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202101-331" } ], "trust": 0.8 }, "cve": "CVE-2020-36187", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36187", 
"impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381454", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-36187", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36187", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-331", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381454", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36187", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { 
"db": "VULHUB", "id": "VHN-381454" }, { "db": "VULMON", "id": "CVE-2020-36187" }, { "db": "JVNDB", "id": "JVNDB-2020-015591" }, { "db": "NVD", "id": "CVE-2020-36187" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-331" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. 
See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. 
\nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-36187" }, { "db": "JVNDB", "id": "JVNDB-2020-015591" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-381454" }, { "db": "VULMON", "id": "CVE-2020-36187" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36187", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015591", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-331", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381454", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36187", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381454" }, { "db": "VULMON", "id": "CVE-2020-36187" }, { "db": "JVNDB", "id": "JVNDB-2020-015591" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": 
"NVD", "id": "CVE-2020-36187" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-331" } ] }, "id": "VAR-202101-1935", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381454" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:53:32.289000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTAP-20210205-0005", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138937" }, { "title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36187" }, { "db": "JVNDB", "id": "JVNDB-2020-015591" }, { "db": "CNNVD", "id": "CNNVD-202101-331" } ] }, "problemtype_data": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381454" }, { "db": "JVNDB", "id": "JVNDB-2020-015591" }, { "db": "NVD", "id": "CVE-2020-36187" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "trust": 1.8, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2997" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { 
"trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6455267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/al1ex/al1ex" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381454" }, { "db": "VULMON", "id": "CVE-2020-36187" }, { "db": "JVNDB", "id": "JVNDB-2020-015591" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36187" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-331" } ] }, 
"sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381454" }, { "db": "VULMON", "id": "CVE-2020-36187" }, { "db": "JVNDB", "id": "JVNDB-2020-015591" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36187" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-331" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-06T00:00:00", "db": "VULHUB", "id": "VHN-381454" }, { "date": "2021-01-06T00:00:00", "db": "VULMON", "id": "CVE-2020-36187" }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015591" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-01-06T23:15:13.170000", "db": "NVD", "id": "CVE-2020-36187" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-331" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-02T00:00:00", "db": "VULHUB", "id": "VHN-381454" }, { "date": "2022-09-02T00:00:00", "db": "VULMON", "id": "CVE-2020-36187" }, { "date": "2021-10-06T01:05:00", "db": "JVNDB", "id": "JVNDB-2020-015591" }, { "date": "2023-09-13T14:57:25.667000", "db": "NVD", "id": "CVE-2020-36187" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-331" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-331" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015591" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre>