CVE-2016-3720 (GCVE-0-2016-3720)
Vulnerability from cvelistv5 – Published: 2016-06-10 15:00 – Updated: 2024-08-06 00:03
VLAI
EPSS
Summary
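XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. The CVE record itself names no product version or CWE; the NVD, GitHub and GitLab records reproduced further down this page list jackson-dataformat-xml up to and including 2.7.3 as affected, 2.7.4 and 2.8.0 as fixed, and (GitHub) CWE-611 as the weakness.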
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html | vendor-advisory, x_refsource_FEDORA |
Date Public
2016-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2016-13b4cae9df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-10T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2016-13b4cae9df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-13b4cae9df",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3720",
"datePublished": "2016-06-10T15:00:00.000Z",
"dateReserved": "2016-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:03:34.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-3720",
"date": "2026-06-20",
"epss": "0.02671",
"percentile": "0.83799"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-dataformat-xml:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.7.3\", \"matchCriteriaId\": \"AA1524B9-D0D5-4689-BCF3-7A3F5ED8D03F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XXE en XmlMapper en la extensi\\u00f3n de formato Data para Jackson (tambi\\u00e9n conocida como jackson-dataformat-xml) permite a atacantes remotos tener un impacto no especificado a trav\\u00e9s de vectores desconocidos.\"}]",
"id": "CVE-2016-3720",
"lastModified": "2024-11-21T02:50:34.280",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2016-06-10T15:59:04.297",
"references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-3720\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-06-10T15:59:04.297\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XXE en XmlMapper en la extensi\u00f3n de formato Data para Jackson (tambi\u00e9n conocida como jackson-dataformat-xml) permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"op
erator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-dataformat-xml:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.7.3\",\"matchCriteriaId\":\"AA1524B9-D0D5-4689-BCF3-7A3F5ED8D03F\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Title
Data format extension for Jackson XmlMapper XML外部实体漏洞
Description
Data format extension for Jackson(又名jackson-dataformat-xml)是一个用于为XML和反序列化XML提供替代支持串行化POJO类的扩展模块。
Data format extension for Jackson的XmlMapper中存在XML外部实体漏洞。攻击者可利用该漏洞实施XML外部实体攻击。
Severity
中
Patch Name
Data format extension for Jackson XmlMapper XML外部实体漏洞的补丁
Patch Description
Data format extension for Jackson(又名jackson-dataformat-xml)是一个用于为XML和反序列化XML提供替代支持串行化POJO类的扩展模块。
Data format extension for Jackson的XmlMapper中存在XML外部实体漏洞。攻击者可利用该漏洞实施XML外部实体攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://wiki.fasterxml.com/JacksonExtensionXmlDataBinding
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html
Impacted products
| Name | jackson-dataformat-xml XmlMapper |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-3720"
}
},
"description": "Data format extension for Jackson\uff08\u53c8\u540djackson-dataformat-xml\uff09\u662f\u4e00\u4e2a\u7528\u4e8e\u4e3aXML\u548c\u53cd\u5e8f\u5217\u5316XML\u63d0\u4f9b\u66ff\u4ee3\u652f\u6301\u4e32\u884c\u5316POJO\u7c7b\u7684\u6269\u5c55\u6a21\u5757\u3002\r\n\r\nData format extension for Jackson\u7684XmlMapper\u4e2d\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bdXML\u5916\u90e8\u5b9e\u4f53\u653b\u51fb\u3002",
"discovererName": "Adam Mari\u0161",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://wiki.fasterxml.com/JacksonExtensionXmlDataBinding",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-03949",
"openTime": "2016-06-13",
"patchDescription": "Data format extension for Jackson\uff08\u53c8\u540djackson-dataformat-xml\uff09\u662f\u4e00\u4e2a\u7528\u4e8e\u4e3aXML\u548c\u53cd\u5e8f\u5217\u5316XML\u63d0\u4f9b\u66ff\u4ee3\u652f\u6301\u4e32\u884c\u5316POJO\u7c7b\u7684\u6269\u5c55\u6a21\u5757\u3002\r\n\r\nData format extension for Jackson\u7684XmlMapper\u4e2d\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bdXML\u5916\u90e8\u5b9e\u4f53\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Data format extension for Jackson XmlMapper XML\u5916\u90e8\u5b9e\u4f53\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "jackson-dataformat-xml XmlMapper"
},
"referenceLink": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html",
"serverity": "\u4e2d",
"submitTime": "2016-06-12",
"title": "Data format extension for Jackson XmlMapper XML\u5916\u90e8\u5b9e\u4f53\u6f0f\u6d1e"
}
FKIE_CVE-2016-3720
Vulnerability from fkie_nvd - Published: 2016-06-10 15:59 - Updated: 2026-06-17 00:46
Severity
Summary
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 24 | |
| fasterxml | jackson-dataformat-xml | * (up to and including 2.7.3) | |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "secalert@redhat.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
"matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fasterxml:jackson-dataformat-xml:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1524B9-D0D5-4689-BCF3-7A3F5ED8D03F",
"versionEndIncluding": "2.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XXE en XmlMapper en la extensi\u00f3n de formato Data para Jackson (tambi\u00e9n conocida como jackson-dataformat-xml) permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-3720",
"lastModified": "2026-06-17T00:46:15.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-10T15:59:04.297",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-HMQ6-FRV3-4727
Vulnerability from github – Published: 2018-10-18 17:43 – Updated: 2022-09-14 00:10
VLAI
Summary
jackson-dataformat-xml vulnerable to XML external entity (XXE)
Details
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
Severity
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.dataformat:jackson-dataformat-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-3720"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:40:41Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.",
"id": "GHSA-hmq6-frv3-4727",
"modified": "2022-09-14T00:10:34Z",
"published": "2018-10-18T17:43:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3720"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-hmq6-frv3-4727"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "jackson-dataformat-xml vulnerable to XML external entity (XXE)"
}
GSD-2016-3720
Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-3720",
"description": "XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.",
"id": "GSD-2016-3720",
"references": [
"https://www.suse.com/security/cve/CVE-2016-3720.html",
"https://advisories.mageia.org/CVE-2016-3720.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-3720"
],
"details": "XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.",
"id": "GSD-2016-3720",
"modified": "2023-12-13T01:21:27.873135Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-13b4cae9df",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,2.7.3]",
"affected_versions": "All versions up to 2.7.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2019-10-10",
"description": "XML external entity (XXE) vulnerability in `XmlMapper` in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.",
"fixed_versions": [
"2.7.4",
"2.8.0"
],
"identifier": "CVE-2016-3720",
"identifiers": [
"CVE-2016-3720"
],
"package_slug": "maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml",
"pubdate": "2016-06-10",
"solution": "Upgrade to versions 2.7.4, 2.8.0 or above.",
"title": "XmlMapper is vulnerable to XXE attack",
"urls": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1328427",
"https://github.com/FasterXML/jackson-dataformat-xml/issues/190"
],
"uuid": "0ce09ffc-da32-4f00-9c82-bb9db0e81db8"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-dataformat-xml:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.7.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3720"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-13b4cae9df",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-10T12:18Z",
"publishedDate": "2016-06-10T15:59Z"
}
}
}
WID-SEC-W-2025-2123
Vulnerability from csaf_certbund - Published: 2020-05-11 22:00 - Updated: 2025-09-24 22:00
Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und JBoss Seam.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Angriff durchzuführen, einen Denial of Service Zustand herbeizuführen, Informationen offenzulegen oder Dateien zu manipulieren.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL8
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8
|
7.2_EL8 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL7
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7
|
7.2_EL7 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL6
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6
|
7.2_EL6 | |
|
Red Hat JBoss Enterprise Application Platform 7.2
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
7.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL8
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8
|
7.2_EL8 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL7
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7
|
7.2_EL7 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL6
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6
|
7.2_EL6 | |
|
Red Hat JBoss Enterprise Application Platform 7.2
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
7.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL8
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8
|
7.2_EL8 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL7
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7
|
7.2_EL7 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL6
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6
|
7.2_EL6 | |
|
Red Hat JBoss Enterprise Application Platform 7.2
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
7.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL8
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8
|
7.2_EL8 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL7
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7
|
7.2_EL7 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL6
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6
|
7.2_EL6 | |
|
Red Hat JBoss Enterprise Application Platform 7.2
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
7.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL8
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8
|
7.2_EL8 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL7
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7
|
7.2_EL7 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL6
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6
|
7.2_EL6 | |
|
Red Hat JBoss Enterprise Application Platform 7.2
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
7.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL8
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8
|
7.2_EL8 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL7
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7
|
7.2_EL7 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL6
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6
|
7.2_EL6 | |
|
Red Hat JBoss Enterprise Application Platform 7.2
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
7.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL8
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8
|
7.2_EL8 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL7
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7
|
7.2_EL7 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL6
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6
|
7.2_EL6 | |
|
Red Hat JBoss Enterprise Application Platform 7.2
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
7.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL8
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8
|
7.2_EL8 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL7
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7
|
7.2_EL7 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL6
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6
|
7.2_EL6 | |
|
Red Hat JBoss Enterprise Application Platform 7.2
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
7.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL8
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8
|
7.2_EL8 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL7
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7
|
7.2_EL7 | |
|
Red Hat JBoss Enterprise Application Platform 7.2_EL6
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6
|
7.2_EL6 | |
|
Red Hat JBoss Enterprise Application Platform 7.2
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
7.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Ubuntu Linux<br>Ubuntu | cpe:/o:canonical:ubuntu_linux:- | — | |
| Red Hat JBoss Enterprise Application Platform 7.2_EL8<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8 | 7.2_EL8 | |
| Red Hat JBoss Enterprise Application Platform 7.2_EL7<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7 | 7.2_EL7 | |
| Red Hat JBoss Enterprise Application Platform 7.2_EL6<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6 | 7.2_EL6 | |
| Red Hat JBoss Enterprise Application Platform 7.2<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2 | 7.2 | |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Ubuntu Linux<br>Ubuntu | cpe:/o:canonical:ubuntu_linux:- | — | |
| Red Hat JBoss Enterprise Application Platform 7.2_EL8<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8 | 7.2_EL8 | |
| Red Hat JBoss Enterprise Application Platform 7.2_EL7<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7 | 7.2_EL7 | |
| Red Hat JBoss Enterprise Application Platform 7.2_EL6<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6 | 7.2_EL6 | |
| Red Hat JBoss Enterprise Application Platform 7.2<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2 | 7.2 | |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Ubuntu Linux<br>Ubuntu | cpe:/o:canonical:ubuntu_linux:- | — | |
| Red Hat JBoss Enterprise Application Platform 7.2_EL8<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8 | 7.2_EL8 | |
| Red Hat JBoss Enterprise Application Platform 7.2_EL7<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7 | 7.2_EL7 | |
| Red Hat JBoss Enterprise Application Platform 7.2_EL6<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6 | 7.2_EL6 | |
| Red Hat JBoss Enterprise Application Platform 7.2<br>Red Hat / JBoss Enterprise Application Platform | cpe:/a:redhat:jboss_enterprise_application_platform:7.2 | 7.2 | |
References
22 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und JBoss Seam.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Angriff durchzuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2123 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2025-2123.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2123 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2123"
},
{
"category": "external",
"summary": "Red Hat Security Advisory:RHSA-2020:2058 vom 2020-05-11",
"url": "https://access.redhat.com/errata/RHSA-2020:2058"
},
{
"category": "external",
"summary": "Red Hat Security Advisory:RHSA-2020:2059 vom 2020-05-11",
"url": "https://access.redhat.com/errata/RHSA-2020:2059"
},
{
"category": "external",
"summary": "Red Hat Security Advisory:RHSA-2020:2060 vom 2020-05-11",
"url": "https://access.redhat.com/errata/RHSA-2020:2060"
},
{
"category": "external",
"summary": "Red Hat Security Advisory:RHSA-2020:2061 vom 2020-05-11",
"url": "https://access.redhat.com/errata/RHSA-2020:2061"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2112 vom 2020-05-12",
"url": "https://access.redhat.com/errata/RHSA-2020:2112"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2067 vom 2020-05-18",
"url": "https://access.redhat.com/errata/RHSA-2020:2067"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2333 vom 2020-05-28",
"url": "https://access.redhat.com/errata/RHSA-2020:2333"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2512 vom 2020-06-11",
"url": "https://access.redhat.com/errata/RHSA-2020:2512"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2513 vom 2020-06-11",
"url": "https://access.redhat.com/errata/RHSA-2020:2513"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2515 vom 2020-06-10",
"url": "https://access.redhat.com/errata/RHSA-2020:2515"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2511 vom 2020-06-10",
"url": "https://access.redhat.com/errata/RHSA-2020:2511"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2813 vom 2020-07-02",
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2905 vom 2020-07-23",
"url": "https://access.redhat.com/errata/RHSA-2020:2905"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3192 vom 2020-07-28",
"url": "https://access.redhat.com/errata/RHSA-2020:3192"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3585 vom 2020-08-31",
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3779 vom 2020-09-17",
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:5568 vom 2020-12-16",
"url": "https://access.redhat.com/errata/RHSA-2020:5568"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4741-1 vom 2021-02-18",
"url": "https://ubuntu.com/security/notices/USN-4741-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3140 vom 2021-08-11",
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:16668 vom 2025-09-25",
"url": "https://access.redhat.com/errata/RHSA-2025:16668"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-09-24T22:00:00.000+00:00",
"generator": {
"date": "2025-09-25T07:56:13.874+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2123",
"initial_release_date": "2020-05-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2020-05-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-05-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-05-17T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-05-28T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-06-11T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-02T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-22T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-28T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-08-31T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-09-17T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-12-16T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-02-18T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2021-08-11T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-24T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.2",
"product_id": "T014343",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2"
}
}
},
{
"category": "product_version",
"name": "7.2_EL6",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.2_EL6",
"product_id": "T016501",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el6"
}
}
},
{
"category": "product_version",
"name": "7.2_EL7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.2_EL7",
"product_id": "T016502",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el7"
}
}
},
{
"category": "product_version",
"name": "7.2_EL8",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.2_EL8",
"product_id": "T016503",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2_el8"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3720",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2016-3720"
},
{
"cve": "CVE-2019-10172",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2019-10172"
},
{
"cve": "CVE-2019-12423",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2019-12423"
},
{
"cve": "CVE-2019-17573",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2019-17573"
},
{
"cve": "CVE-2020-10705",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2020-10705"
},
{
"cve": "CVE-2020-10719",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2020-10719"
},
{
"cve": "CVE-2020-1719",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2020-1719"
},
{
"cve": "CVE-2020-1729",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2020-1729"
},
{
"cve": "CVE-2020-1732",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2020-1732"
},
{
"cve": "CVE-2020-1745",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2020-1745"
},
{
"cve": "CVE-2020-1757",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2020-1757"
},
{
"cve": "CVE-2020-7226",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T016503",
"T016502",
"T016501",
"T014343"
]
},
"release_date": "2020-05-11T22:00:00.000+00:00",
"title": "CVE-2020-7226"
}
]
}
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.